From the Cyber Defense Magazine Publisher


Dear Friends, 


Now in our 12th year of publication, we would like to recognize the broadening readership base of Cyber Defense Magazine and 
the complementary offerings of Cyber Defense Media Group. As always, we are dedicated to bringing our contributors and readers 
the most up-to-date and actionable intelligence for conducting the most effective cyber security program to meet the challenges in 
our industry. 


Among the valuable activities and services at Cyber Defense Media Group, today we feature the CDMG Global Awards program 
at https://cyberdefenseawards.com/, and the many participating professionals who have earned this important recognition for 
their contributions to the cybersecurity industry. Reflecting the expansion of cybersecurity-related activities, readers will note the 
addition of several new award categories. 


We would like to remind our contributors and supporters that the 2024 RSAC Conference will take place in San Francisco, CA, 
May 6-9, 2024. The theme is The Art of the Possible, and online registration is available at 
https://www.rsaconference.com/events/2024-usa. Submissions are now open for RSAC Innovation Sandbox and RSAC 
Launch Pad. 


As always, we strive to be the best and most actionable set of resources for the CISO community in publishing Cyber Defense 
Magazine and broadening the activities of Cyber Defense Media Group. With appreciation for the support of our contributors 
and readers, we continue to pursue our role as the premier provider of news, opinion, and forums in cybersecurity. 


Warmest regards, 


Gary S. Miliefsky, CISSP®, fmDHS 
CEO, Cyber Defense Media Group 
Publisher, Cyber Defense Magazine 


P.S. When you share a story or an article or information about CDM, please use #CDM and 
@CyberDefenseMag and @Miliefsky. It helps spread the word about our free resources even more quickly. 
Welcome to CDM's February 2024 Issue 
From the Editor-in-Chief 


From the Editor's desk, we see a subtle shift in the topics of articles submitted by our contributing authors to Cyber 
Defense Magazine. As we have mentioned in earlier editions, the vast majority of our articles are submitted 
unsolicited by professionals with expertise in various aspects of cybersecurity and related fields. 


Readers will note the inclusion of a variety of new perspectives among the articles in this issue. They appear to 
reflect both the perception of threats and the means of responding to them, by both traditional and innovative means. 


Overall, the trends show an expected expansion of the role of the CISO, as well as some expansion of the need for CISOs to 
draw on the services of other specialized professionals. 


We continue to cover developments in artificial intelligence and regulatory actions, which together provide context 
for preparing cybersecurity protections for the present and the future. Recognition of challenges in the near term 
can help CISOs and their organizations and colleagues best prepare to overcome the ongoing threats in 
cyberspace. 


As always, we are pleased to receive your proposals for articles. Please remember to submit all articles on the 
Cyber Defense Magazine writer's kit template, which incorporates the major terms and conditions of publication. 
We make every effort to close out acceptance of articles by the 15th of each month for publication in the following 
month's edition. 


Wishing you all success in your cybersecurity endeavors, 




Yan Ross 
Editor-in-Chief 
Cyber Defense Magazine 


About the US Editor-in-Chief 


Yan Ross, J.D., is a Cybersecurity Journalist & U.S. Editor-in-Chief of Cyber 
Defense Magazine. He is an accredited author and educator and has 
provided editorial services for award-winning best-selling books on a variety 
of topics. He also serves as ICFE's Director of Special Projects, and the 
author of the Certified Identity Theft Risk Management Specialist® XV 
(CITRMS®) course. As an accredited educator for over 20 years, Yan 
addresses risk management in the areas of identity theft, privacy, and cyber 
security for consumers and organizations holding sensitive personal 
information. You can reach him by e-mail at yan.ross@cyberdefensemagazine.com 
ARTICLES 


Cybersecurity professionals, as with virtually every other organizational function, are always challenged 
to respond to competing and conflicting imperatives. Based on the author's more than 25 years of 
management experience in the aluminum industry, this article sets out replicable ways of dealing with 
and harmonizing competing priorities. Starting from a top-down view, and then identifying specific threats 
and challenges, the conclusions reflect the general application of actionable information for managing 
risk and achieving cybersecurity compliance and efficiency. 


Currently within the purview of the Department of Homeland Security (DHS) and its component agency, the 
Cybersecurity and Infrastructure Security Agency (CISA), the designation of 16 sectors of critical 
infrastructure and the responsibility for assuring their security and resilience encompass nearly every 
vital economic activity. 
It is highly likely that the employers of every CISO in some fashion operate in one or more of these 
sectors. The requirements placed on these organizations are in large part similar to those levied upon 
my industry. For your convenience, the list of the 16 sectors is posted online at 

https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors 


Drilling down, Aluminum is listed in the Critical Manufacturing Sector, and specifically designated as a 
“core” of the sector in the Sector Overview. 


The Critical Manufacturing Sector identified several industries to serve as the core of the sector: 

• Primary Metals Manufacturing 
  - Iron and Steel Mills and Ferro Alloy Manufacturing 
  - Alumina and Aluminum Production and Processing 
  - Nonferrous Metal Production and Processing 


Conflicting and Competing Priorities in Aluminum 


While specific to the aluminum market, the current situation illustrates how an industry 
can face forces that can fundamentally impair its ability to support a vigorous sector of our critical 
infrastructure. Your industry will probably face different challenges, but the principles of responding to 
such threats are likely to be very similar. 


Without needlessly reciting history or straying far from the thrust of this article, the nub of the matter is 
that the American aluminum industry is currently about 1 million metric tons of processed aluminum 
(“billets”) short of the annual needs of the critical manufacturing sector. 


We rely to a large extent on the importation of processed aluminum billets, from numerous other 
countries. Among them is Russia, which is currently subject to sanctions in the form of a 200% [not a 
typo] tariff on this product. 


The tariff is an application of our foreign policy with respect to Russia, and is accompanied by claims of 
national security being threatened by reliance on this particular international source for the needed billets. 


But tariffs are a blunt instrument. Tariffs were originally intended to accomplish one or more of several 
principal purposes: protecting domestic industry, raising revenue, and modifying the behavior of market 
participants. Unfortunately, they can also stifle the legitimate needs of American industry. 


That is the case here. We are all familiar with the so-called Law of Unintended Consequences, which 
usually comes into play in government functions. By essentially making one source of the needed 
aluminum billets unaffordable, we are starving the manufacturing sector of essential materials. The 
unintended consequence is the loss of manufacturing capacity, the loss of jobs, an unnecessary threat 
to the supply chains of our critical infrastructure, and our national security. 
That is where things stand in my industry: we are hobbled by the conflict of several governmental 
imperatives. 


Information Technology and Operational Technology 


Of course, there are the obvious applications of IT and OT in the aluminum industry, just as there are in 
the endeavors of readers of Cyber Defense Magazine. 


Participants in the aluminum industry rely on Supervisory Control and Data Acquisition (SCADA), IT, OT, 
and other computer-based systems. We are subject to many of the same requirements as other 
organizations using these systems. In collecting, transmitting, sharing, and storing data, we must 
maintain its confidentiality, integrity, and availability. 


We, too, face conflicting priorities, and must find ways to comply and harmonize our responsibilities. Let 
me mention a few of them. 


• Privacy concerns and rights of consumers, vendors, customers, and regulators often conflict with 
duties to comply with legal process for discovery under criminal investigations. 

• Artificial Intelligence applications are growing in the impenetrable thicket of patents, copyrights, 
and other protected intellectual property. 

• We all operate on the Security-Convenience spectrum, choosing how to balance the two priorities. 

• Risk Management is another overlap in our activities, especially choosing which risks to retain 
and resolve and which ones to lay off on a third party (cyber liability insurance, for example). 

• We also must recognize that compliance with Legal and Regulatory requirements may not always 
be sufficient to avoid liability for our organization's acts or omissions. 


How we are addressing these challenges 


Based on my belief that in the marketplace, as in life, we are more alike than we are different, we are 
taking several parallel steps in our future strategy and operations. We have established ourselves in the 
industry as both a niche player and a vertical expansion vehicle. There are four principal initiatives we 
are pursuing to implement our program, and I believe that in your capacity with your own organization, 
you will find them instructive. 


Internal 


We have created an organization culture to encourage our employees to be dedicated to the mission of 
our company. They understand and value the work we do, and are committed to our success. Training 
and education are an integral part of our advancement program. In cybersecurity terms, we assure that 
everyone is aware of the latest developments and prepared to avoid cyber attacks. 
Marketplace 


As we source products to deliver and support the critical manufacturing sector, and aluminum in 
particular, we collect and analyze detailed supply and demand data, information on our competitors, 
and relevant trends affecting our business. 


That includes both upstream and downstream verticals, as our vendors, customers, and related providers 
are constantly engaged in mergers and acquisitions. 


Government 


Any organization operating in an industry subject to State and federal laws and regulations, or doing 
business directly with any level of government, or receiving any funding from government sources, 
inevitably faces requirements to comply with some form of statute or regulation. 


We conduct an ongoing review of the places where our operations intersect with these types of 
requirements. 


Of the three branches of government, our general approach is to work directly with the agencies of the 
executive branch first, since that is where laws are applied and enforced and where regulations are 
promulgated. 


In the event of conflicts in public policy priorities, or inconsistencies in legislation, we occasionally provide 
information to legislators where that may assist them in making needed changes to statutory law. 


In general, we prefer to avoid the costly and lengthy judicial process, but we do follow legal actions taken 
by others in our industry, including the trade associations of which we are members or supporters. 


Community 


Last, but never least, we work to support and coordinate our activities with the communities where we 
have operations or where others in our industry can do so. We encourage our company leaders and all 
employees to be active in their own communities. It’s just good business. 


Conclusions 


Cybersecurity is a growing and well-recognized element of every successful business. Its importance is 
demonstrated by the awareness of top management and directors of organizations, and further reflected 
in the budget and staffing provisions in this area. 


The CISO does not exist in a vacuum, and the successful integration of cybersecurity into the 
organization's overall activities depends on navigating a broad two-way street: the CISO must keep 
current on the mission and values of the organization, and the leaders of the organization must assure 
that all employees, from top to bottom, are cognizant of and duly respect the role of cybersecurity. 


About the Author 


Brian Hesse is co-owner, President, and Chief Executive Officer of PerenniAL. 
He has 26 years of experience in the aluminum industry in a variety of executive 
leadership, sales and marketing positions, including President/Chief Executive 
Officer for the Americas at Rusal America Corporation; Vice President/Sales and 
Marketing for the Americas at Vedanta Resources Limited; Global Defense Sales 
Director and Americas Sales Director - Industrial at Aleris International, Inc.; and 
Director of Global Accounts at Ryerson Corporation, where he began his career 
in the industry. 


Brian serves as Chairman of the Board for Big Brothers Big Sisters in 
Westchester County, NY, and is a frequent volunteer at the organization's 
events. He also is a Board Member of the Northwest Missouri State University 
Foundation; he is a graduate of the university. In his free time, Brian enjoys tennis and other outdoor activities with 
his family. Brian is an avid Kansas City Chiefs fan. 


The PerenniAL website is at https://www.theperennial-group.com/ and Brian can be reached online at 
https://www.linkedin.com/in/aluminumexpert/ 
Why does every license agreement and data protection addendum suddenly include a right for the 
buyer to perform a security audit on the vendor? Because in recent years, the number of security 
incidents at customers caused by their vendors has increased. This, in turn, led to a number of regulations 
imposing new vendor management requirements. 


Alarmingly, a substantial 54% of businesses fail to adequately vet their third-party vendors. And 
yet 98% of businesses have at least one vendor that has suffered a security breach. 
Source: https://www.resmo.com/blog/third-party-data-breach-statistics 


The financial implications of breaches are significant with the average cost of a data breach rising to 
$4.35 million globally, and even higher in the United States. The cost is so high that 60% of SMBs shut 
down within six months of a data breach. (Security Intelligence, 2021) 
So, monitoring and managing vendor security is no longer a nice-to-have. It is a need-to-have. And the 
regulators have taken notice. Most privacy laws include a cybersecurity audit or vendor due diligence 
requirement. 


For example, the General Data Protection Regulation (GDPR), the EU data privacy law, mandates due 
diligence on processors to ensure they comply with data protection and security measures. Review 
Articles 24, 28, 29 and 46 for the obligations attached to the roles of controllers and processors. Similarly, 
Article 9 of the California Privacy Protection Agency's (CPPA) draft cybersecurity audit regulations requires 
cybersecurity audits of service providers and the service provider's corresponding cooperation. Likewise, the 
New York SHIELD Act obliges businesses to have "reasonable safeguards," which include vendor due diligence. 


This evolving regulatory environment, coupled with the substantial risks and costs associated with 
vendor-related data breaches, underscores the need for a more sophisticated and robust approach to 
vendor management. Addressing these challenges is critical to safeguarding organizational and 
customer data in an increasingly interconnected ecosystem. 


Generative A.I. has a role to play in advancing an organization’s ability to comply with these regulations 
and improve the vendor management audit process. 


2. Current Vendor Management Practices 


Currently, vendor management is a procurement function that faces a headwind of silos and biased 
perception. When a buyer is in the market for a new vendor, the business owner conducts the search and 
ultimately chooses the vendor before any other business unit has had input. This siloed selection 
process costs the organization, and in turn puts pressure on the procurement, legal, privacy and security 
teams to "approve" the vendor. While these teams are likely able to withstand such pressure, it comes at 
a cost: the cost of their relationship with a colleague. 


In addition, each of these teams has its own agenda, priorities and expertise. Typically, the 
procurement team is incentivized to negotiate the best price, regardless of whether that may require 
forgoing some of the vendor's offered security enhancements. Legal and privacy are responsible for 
vendor compliance with policies and laws, which requires review of contract terms and redlining of 
unfavorable terms. The security team is similarly tasked with vendor compliance with policies and security 
regulations, which it satisfies through questionnaires or third-party audit reports. 


Therefore, not only must they be prepared with paperwork for the vendor and knowledge of privacy and 
cybersecurity, but they also have to be ready, at any given moment, to drop what they are doing and 
review the information that the vendor sends back to them. 


All the while, the business unit buyer sees these colleagues as blockers to reaching the desired 
outcome. 


Finally, once the vendor is selected, the ongoing monitoring is even worse. Whose job is it to send the 
annual review? Who conducts that annual review and keeps track of it? How are they going to prove to 
the regulators that they have complied with the law? 
3. Generative A.I. Could Be the Game-Changer 


Generative A.I. technology is revolutionizing vendor management. The root cause of the vendor 
management problem is that it is filled with tedium, and Generative A.I. removes some of the 
tedious work. 


Generative A.I. will improve vendor management in the following ways: 


• Improve systems of record, 
• Improve process development and execution, and 
• Speed up vendor response. 


First, Generative A.I. dramatically improves systems of record by enabling natural-language querying. In 
other words, once you have a system of record or a knowledge base, being able to ask it questions and 
receive answers relatively quickly is a much more pleasant experience than skimming through a 150-page 
document. 


Second, Generative A.I. improves process development and execution because it can now generate the 
policy or the questionnaire from other sources in the knowledge base, including new regulations. For 
example, several U.S. states had their new privacy laws go into effect in 2023. With Generative A.I. you 
can store those laws in your knowledge base and then write a prompt for the Generative A.I. to develop 
a new vendor questionnaire based on the regulations. You could even upload the vendor response to 
the questionnaire and ask it to determine if the vendor had any discrepancies. Note that using Generative 
A.I. for this last task is, at the moment, not very reliable, but I believe it will get better with time. 
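The discrepancy check in the paragraph above is the step the author flags as unreliable when left to a model. The following is an added example, not code from the article or from any product it describes: a deterministic cross-check that a reviewer can run over a vendor's answers once the questionnaire has been drafted, however it was drafted, so that a "No" on a mandatory control, a missing answer, or an unsupported "Yes" is caught regardless of what a generative model concludes. The question set, the regulation references attached to each question, and the vendor response are all constructed for illustration.

```python
"""Deterministic review of a vendor questionnaire response.

Added example (not from the article). The questionnaire, its regulation
references and the vendor response below are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Question:
    qid: str
    text: str
    source: str                      # clause the question was generated from
    required: bool = True            # a "No" here is a hard discrepancy
    evidence_required: bool = False  # answer must cite an artifact


@dataclass(frozen=True)
class Finding:
    qid: str
    severity: str  # "high" | "medium" | "low"
    reason: str


# Constructed questionnaire: the kind a model might draft from a knowledge base.
QUESTIONNAIRE = [
    Question("Q1", "Do you encrypt personal data at rest?", "GDPR Art. 32(1)(a)",
             evidence_required=True),
    Question("Q2", "Do you notify the controller of a personal data breach without undue delay?",
             "GDPR Art. 33(2)"),
    Question("Q3", "Do you flow down these obligations to your sub-processors in writing?",
             "GDPR Art. 28(4)"),
    Question("Q4", "Do you maintain a documented information security program?",
             "NY SHIELD Act"),
    Question("Q5", "Do you hold a current third-party audit report (e.g. SOC 2 Type II)?",
             "Internal policy", required=False, evidence_required=True),
]

# Constructed vendor response, as a vendor portal might return it. Q5 is omitted.
VENDOR_RESPONSE = {
    "Q1": {"answer": "Yes", "evidence": ""},
    "Q2": {"answer": "Yes, within 72 hours", "evidence": "Incident Response Policy v3"},
    "Q3": {"answer": "No", "evidence": ""},
    "Q4": {"answer": "Partially", "evidence": ""},
}

YES_WORDS = ("yes", "y", "true", "compliant")
NO_WORDS = ("no", "n", "false", "non-compliant", "not applicable", "n/a")


def normalize(answer: str) -> str:
    """Map a free-text answer onto yes / no / partial / unknown by its leading word."""
    a = answer.strip().lower()
    first = a.split(",")[0].split(" ")[0].strip(".")
    if first in YES_WORDS:
        return "yes"
    if first in NO_WORDS or a.startswith("not "):
        return "no"
    if "partial" in a:
        return "partial"
    return "unknown"


def review(questionnaire, response):
    """Return one Finding per discrepancy between the questionnaire and the response."""
    findings = []
    for q in questionnaire:
        r = response.get(q.qid)
        if r is None:
            findings.append(Finding(q.qid, "high" if q.required else "medium",
                                    f"no answer given ({q.source})"))
            continue
        status = normalize(r.get("answer", ""))
        if status == "no":
            findings.append(Finding(q.qid, "high" if q.required else "low",
                                    f"answered no: {q.text} ({q.source})"))
        elif status in ("partial", "unknown"):
            findings.append(Finding(q.qid, "medium",
                                    f"answer '{r['answer']}' needs follow-up ({q.source})"))
        # A "Yes" without a cited artifact is not evidence of anything.
        if q.evidence_required and not r.get("evidence", "").strip():
            findings.append(Finding(q.qid, "medium", f"no evidence cited for: {q.text}"))
    return findings


def blocking(findings):
    """The subset of findings that should stop onboarding until resolved."""
    return [f for f in findings if f.severity == "high"]


if __name__ == "__main__":
    for f in review(QUESTIONNAIRE, VENDOR_RESPONSE):
        print(f"[{f.severity:6}] {f.qid}: {f.reason}")
```

Each question carries the clause it was derived from, so every finding can be traced back to the regulation when the reviewer has to show a regulator why a vendor was rejected or asked for remediation. A model-generated summary of the same response can be compared against this output; where the two disagree, the deterministic list is the one to trust.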


Third, Generative A.I. will speed up the vendor response to these reviews and audits because once the 
vendor has built its own knowledge base of its privacy and security program, responding to questions, 
no matter how they are worded or phrased, becomes significantly easier and faster. 


4. Conclusion 


The ultimate goal here is two-fold. Improve the internal relationship between the business teams and the 
operations teams and improve the process so that risky vendors are identified early and eliminated. With 
Generative A.I., systems of record become more interactive, allowing for quicker and more efficient 
querying experiences. This technology can also autonomously develop and refine processes, such as 
generating updated vendor questionnaires based on the latest regulations, which optimizes compliance 
efforts. Additionally, it promises to expedite vendor responses to reviews and audits by facilitating faster 
access to a vendor's privacy and security information. As the reliability of Generative A.I. advances, it will 
become an indispensable tool for enhancing the efficiency and effectiveness of vendor management. 
Online customers don't take long to get fidgety. 


They want their transactions to happen — and they want them to happen now. The more clicks they need 
to make, the more passwords and PINs they need to enter, the more security questions they need to 
answer before they can carry on with whatever business brought them, the more frustrated they get. 


Sometimes this user friction becomes too much for them and they bolt, never finishing the transaction 
they started or intended to start. 


That leaves businesses in a quandary. Streamlining the process will make those customers happier, but 
possibly at the cost of security. And if someone steals the customers’ personal identifying information, 
they aren’t going to be thrilled with that at all and likely will blame the business. 


Fortunately, there is an answer, an alternative that will remove some of the steps that are slowing these 
processes down and yet make the transaction even more secure, all at the same time. 
How so? Businesses can make things better for everyone by confirming a user's identity through the 
integration of biographic information with biometric information. 


The Benefits and Limitations of Biographic Information 


People and businesses use biographic information — name, address, date of birth, and other identifiers — 
all the time as a way to ascertain that a person is who they claim to be. 


This is a good thing — as far as it goes. Biographic information, after all, is a basic element of identity 
verification in so many instances, serving as the initial layer of authentication. A business can match the 
information a person provides with existing records to establish a foundational level of trust. Yes, this 
person appears to be who they claim to be. 


Unfortunately, biographic information isn’t always enough. Cybercriminals are frustratingly adept at 
breaking through cybersecurity efforts and stealing people’s personal data. With that data in hand, they 
masquerade as the real person, creating problems for businesses and for the identity-theft victims. It’s 
disturbing beyond measure, but it’s also, sadly, the reality we face. 


Fortunately, there is an excellent way to bolster the biographic information without bogging down users 
with all those passwords, PINs, and other security steps. This is by using biographic information backed 
up with biometric information. Together, the two make an outstanding team. 


The Integration of Two Types of Identifiers 


Cybercriminals face a much greater challenge in trying to steal someone’s identity when biometric 
information is involved. 


This is because biometric information encompasses unique physical or behavioral traits that distinguish 
one person from another. 


Common biometric attributes include fingerprints, facial features, iris patterns, and voice. In some 
cases, behavioral biometrics come into play as well, such as an individual's keystroke rhythm when 
typing on a computer. Once a person's keystroke rhythm is determined and recorded, it becomes 
another identifier. 


An identity thief might be able to steal records related to birth dates and addresses, but these biometric 
markers aren't so easy to forge. The thief may present a name, age, and address that says they are a 
particular person, but facial recognition says otherwise. 


This is why biometric markers are ideal for enhancing the security of online transactions. Integrate 
biometric information into the process and businesses can reduce the risk of fraudulent activities. 
How This Plays Out in the Real World 


Any industry can make use of the synergy between biographic and biometric information, but let’s look 
at a couple of specific areas where the combination is especially beneficial. 


Banks and financial institutions are already at the forefront, in part because so many customer 
transactions take place virtually these days rather than in person with the customer standing in front of a 
teller. Banks can have a customer take a photo of themselves and provide identification that already has 
their likeness on it. Their image is then stored, and facial recognition software is used when they are 
involved in a transaction. 


Healthcare is another area where protecting data is important. In this case, it is the patient's medical 
records that contain all sorts of personal information and must be kept secure. With remote doctor visits 
and patients accessing their records through online portals, the integration of biographic and biometric 
information adds that extra layer of security that is critical. 


As businesses move forward with this, though, they will need to keep a few things in mind. For example, 
biometric information is wonderful for helping verify a person's identity, but unlike a password it cannot be 
changed if it leaks, so once the business collects and stores it, it must be kept secure. That will require the 
business to encrypt stored biometric data, adhere to stringent data protection regulations, and ensure 
transparent policies are in place for the use and retention of biometric information. 


To make sure customer trust isn’t compromised, the business should make sure it has user consent and 
that the customers are told how the data will be handled. 


But despite those caveats, businesses and consumers alike will find that the integration of biographic 
information with biometric information will lead to more secure transactions. 


And eliminate some of those customer frustrations in the process. 
The Cybersecurity Maturity Model Certification (CMMC) is a United States Department of Defense (DoD) 
program that will require assessment of contractors' implementation of existing security requirements for the 
protection of federal contract information (FCI) and controlled unclassified information (CUI). These requirements 
apply to over 220,000 prime contractors and subcontractors that comprise the defense industrial base (DIB). 
Regardless of the maturity level of an organization's cybersecurity program, adhering to a framework 
such as CMMC can serve as a catalyst for transformative organizational change. 
History of CMMC 


Defense contractors are required to implement security controls to safeguard sensitive unclassified 
information. For example, in cases where the government issues solicitations or contracts involving the 
processing, storage, or transmission of FCI, contractors are required to implement the fundamental 
safeguarding requirements outlined in the Federal Acquisition Regulation (FAR) clause 52.204-21. 
Similarly, for defense contracts where CUI will be processed, stored, or transmitted during the 
performance of the contract, the contractor must implement the security requirements in NIST SP 800- 
171 per Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012. Enforcement of 
these requirements is primarily achieved through self-attestation. A 2019 DoD Inspector General report 
found that implementation of these requirements is inconsistent, and self-attestation does not provide 
sufficient assurance that defense contractors are implementing adequate measures to protect sensitive 
unclassified information. Additionally, the report recommended the DoD take steps to more effectively 
validate contractor compliance with CUI protection requirements. It also recommended improvements in 
DoD contracting processes and enhancements to procedures related to document marking. 


While unclassified, information like CUI holds significant importance to the economic and national security 
of the United States. In recognition of this, the FY20 National Defense Authorization Act (NDAA) charged 
the DoD with creating a "consistent, comprehensive framework to enhance cybersecurity for the United 
States defense industrial base." This requirement led the DoD to create an initial iteration of CMMC, 
incorporating five scaled levels of security practices. These were based on requirements such as FAR 
clause 52.204-21 and NIST SP 800-171, in addition to process maturity requirements. A second iteration 
(CMMC 2.0) reduced the security requirements in the model to directly align with NIST SP 800-171 and 
FAR 52.204-21, removed the process maturity requirements, and condensed the number of levels to 
three. 


In 2020, the DoD released an interim final rule that established a new DFARS clause around CMMC and 
the assessment of NIST SP 800-171 security requirements. Currently, defense contractors handling CUI 
must perform a self-assessment of the NIST SP 800-171 security requirements and submit the results of 
the self-assessment to the government. 


2023 Proposed Rule 


In 2023, the DoD released another rule that builds upon the 2020 rule. This rule is a “proposed rule,” 
meaning that the DoD must adjudicate and respond to public comments prior to the rule being final. While 
this rule clarifies many public questions regarding CMMC and introduces some new requirements on 
defense contractors, the security requirements for Levels 1 and 2 remain the same. For organizations 
that must attain CMMC Level 1 and for some that must attain CMMC Level 2, there is a requirement to 
perform a self-assessment and provide an annual affirmation of compliance with CMMC requirements. 
Additionally, for most organizations that must attain CMMC Level 2, an independent third-party assessor must 
assess implementation of NIST SP 800-171. A very small subset of defense contractors that support 
critical DoD programs will also need to achieve CMMC Level 3 and will be assessed by the Defense 
Industrial Base Cybersecurity Assessment Center (DIBCAC). CMMC Level 3 is the only level that will 
require the implementation of additional security requirements intended to reduce the risk of compromise 
by advanced persistent threats. 


Transformative Change 


While this proposed CMMC rule introduces additional requirements for defense contractors, it also 
presents an opportunity for deliberate and transformative change. Organizations that must comply with 
CMMC should consider stepping back and evaluating not only if security requirements are being met, but 
also if their cybersecurity program is poised to consistently meet these requirements over time and deliver 
value to the business. 


Organizations should consider the following to use CMMC adoption for transformative change: 


1. Understand how meeting CMMC will enable the organization to meet strategic goals and ensure 
the cybersecurity program strategy is aligned with these goals. 

2. Obtain senior leadership buy-in for the necessary resources—people, funding, and tools—to meet 
and maintain compliance with CMMC. 

3. Evaluate if CMMC security requirements also provide benefit to proprietary information that is not 
used in the performance of defense contracts. 

4. Ensure that improvements to security controls are adequately documented in policies and 
procedures. Dedicating proper time and attention to documenting cybersecurity processes 
embeds them in the organization's culture, so that they are retained even in times of 
organizational stress. 

5. Schedule and plan continuous risk assessments to proactively manage cybersecurity and identify 
gaps ahead of CMMC assessment or affirmation obligations. 


Another important factor for organizations to consider when building or improving a cybersecurity 
program is the incorporation of performance management into operational processes. A CMMC 
assessment validates the implementation of security requirements at a point in time and does not provide 
organizational leadership continued assurance that cybersecurity measures are durable over time and 
aligned to strategic objectives. A more powerful approach includes the development of metrics to validate 
performance of these requirements over time to ensure they continue to provide a security posture 
commensurate with organizational needs as threat environments evolve. Organizations should regularly 
communicate the achievement of key metrics to ensure the effectiveness of security controls over time 
and to provide rationale for key decisions. 


System of Record 


Cybersecurity leaders, such as Chief Information Security Officers (CISOs), have increased motivation to 
ensure that due care is used in the implementation and validation of cybersecurity controls. Recent rules 
adopted by the Securities and Exchange Commission (SEC) require public companies to disclose material 
cybersecurity incidents within four business days of determining that an incident is material. Additionally, 
the Department of Justice's (DOJ) Civil Cyber-Fraud Initiative uses the False Claims Act to pursue 
organizations that misrepresent their cybersecurity capabilities to the government. The DOJ has already 
taken action against a number of organizations, including a recent settlement with Verizon for roughly 
$4 million. 


So, how does a CISO ensure that the organization is continually meeting compliance obligations and 
using due care with respect to cybersecurity strategy, controls, and outcomes? A key capability to 
consider is the implementation of a system of record. A system of record establishes an authoritative 
source of truth about the organization’s cybersecurity program that helps leadership understand the 
cybersecurity posture of the organization, align cybersecurity investments with strategic objectives, and 
meet regulatory obligations. A system of record may include the results of security and risk assessments, 
metrics related to security controls, status of planned and in-progress improvement activities, and an 
understanding of the potential impact of threats. 


CMMC requires defense contractors to provide an annual affirmation that the organization is maintaining 
compliance with the security requirements. A system of record will provide a CISO and other senior 
officials with the necessary support and justification to affirm compliance in good faith. Additionally, a 
system of record can help the organization justify that cybersecurity decisions were made based on sound 
rationale and best available information. This can be particularly useful post-breach if the organization 
needs to answer to regulators, the government, customers, and other stakeholders. 


Access to advanced attack techniques, even by less sophisticated threat actors, is driving increased 
scrutiny of cybersecurity measures. It is paramount that organizations carefully review their cybersecurity 
capabilities—regardless of maturity level—and evaluate if they will be durable when tested. Beyond 
adopting new security requirements, organizations should place the development of a performance 
management program high on their list of program improvements. Establishing and monitoring metrics is 
critical to ensure security controls are performing adequately, to protect the organization, and to validate 
compliance with regulations, like CMMC. Coupled with a system of record, organizations can more 
effectively prove that they have not only achieved and maintained compliance, but have done so with 
appropriate due care. Compliance without cybersecurity performance monitoring and improvement is a 
poor organizational investment. 


Security will continue to head the list of priorities for CISOs in 2024, but how we secure our enterprises 
will need rethinking in the face of the workplace revolution. 


No, this isn’t another article about AI, but about the hybrid workplace. 


The pandemic didn’t create hybrid working, but it massively accelerated trends that were already in play, 
turning what had been a steady movement into a revolution. The IT firefighting that started in 2020 to 
cope with the exodus of office users may have ceased as the Covid crisis becomes a fading memory, 
but the issues haven’t gone away. Gen Z and millennial workers, the first fully digital workforce, continue 
to demand a certain level of workplace freedom. 


Around half the white-collar workforce now works away from corporate offices for at least two days a 
week. This has profound implications for IT: 


• Remote users are harder and more expensive to manage and support than office-based staff. 

• IT no longer controls where and how users connect to enterprise applications, making it harder 
than ever to impose a security perimeter. 

• While out-of-office work has grown sharply, security and networking teams have 
expanded incrementally, if at all. Their workload has risen accordingly, as has mean time to 
resolution of issues. 

• The nature of security threats and the tactics needed to address them are changing. 


Security is only half the picture. Exclusively focusing on security can obscure what IT is there to do, which 
is to improve the productivity of staff, the experience of users and customers, and the profitability of the 
enterprise. 


Ensuring the security of your organization should not come at the cost of a subpar IT experience or hinder 
your users' ability to perform as well as with their office-bound peers. 


Cloudbrink believes that maintaining security and quality of experience in all corners of the hybrid 
workplace is one of the major challenges facing enterprises in 2024. 


While most of the attention is on the security challenges, users connecting to the enterprise via Wi-Fi, 
4G/5G and consumer grade broadband face numerous network reliability and performance issues that 
can severely compromise user experience and productivity. Unresolved connectivity problems can 
undermine morale, jeopardize employee retention, diminish customer service quality, and ultimately 
threaten security as users seek alternative solutions to bypass difficult IT systems. 


Don’t take our word for it. Last year the analyst firm Enterprise Management Associates (EMA) polled 
354 IT pros including CIOs, CISOs, and networking and security teams. 


The research concluded that: 


• Less than a third of enterprises (32%) believe they have fully succeeded in providing parity of 
experience to users in and out of the office. 

• The siloed structure of IT organizations results in security and networking teams each following 
their own agenda. Security is usually the higher priority, with security teams typically taking a lead 
role in shaping how remote users connect to the enterprise. 

• Respondents typically saw security and performance as a trade-off: you can have one or the 
other, but not both. 46% admitted that they prioritize security over performance, while only 34% 
try to optimize both. 

• Most of the solutions deployed for secure application access, including VPN, ZTNA, SD-WAN 
and SASE, incurred performance and other overheads. For instance, SD-WAN solutions for home 
users typically involve uprated network connections and, in nearly three-quarters of cases, 
hardware rollouts. 

• VPN was the most used solution, deployed by 61% of enterprises, but considered optimal by only 
46%. 


One of our customers, a Fortune 100 entertainment and media company, illustrates the 
security/productivity dilemma. During lockdown and with most of its developers working remotely, the 
company was racing to meet a deadline for the launch of a consumer product. 


Remote developers were only able to perform one or two code check-ins involving very large file transfers 
a day, compared with four or five for office-based staff. As the risk of missing the project deadline 
increased, the company even considered turning off security to improve connection speeds. We were 
able to solve the problem before the customer had to take such drastic action. No CISO would wish to 
face a similar choice. 


Another big challenge for IT in the era of the hybrid workplace is that you don’t just need to secure two 
locations but all of them. “Work from home” is increasingly a misnomer. Users will spend some 
time in the office, some at home, some on the road, some in a hotel, a coffee shop, a weekend retreat... 
A better term is work from anywhere (WFA), which means you need security (and performance) 
everywhere. 


The revolution is being driven not just by once-in-a-generation events such as global pandemics, but by 
the expectations of a changing workforce. WFA will challenge existing security practices. It no longer 
makes sense, for example, to rely on flagging anomalous access patterns when the pattern is constantly 
changing. 


It used to be that a typical user went home to the same location every day and logged in at about the 
same time for email or access to an internal service. If the same user logged in from Cambodia at 2am, 
you would block the connection. 


Like users, enterprise services are also moving at unprecedented pace, moving out of traditional data 
centers to the cloud and to the edge. According to the EMA study, 83% of enterprises are moving 
applications edge-ward in the hope of resolving latency issues. Any performance benefits depend on how 
they add security into the mix. If traffic is still backhauled to the cloud or the enterprise data center for 
inspection, those gains will be lost. 


This is another illustration of why the hybrid workplace demands an architectural rethink away from 
centralized networking and security architectures and towards cloud- and edge-native architecture. It will 
mean a shift from traditional gateway-based approaches to dark networks and automated moving target 
defense (AMTD). 


According to Gartner, AMTD is an evolution of MTD, which “is based on the basic premise that ‘a moving 
target is harder to attack than a stationary one’. It involves the use of strategies for orchestrating 
movement or changes in various IT environment components and layers, across the attack surface, to 
increase uncertainty and complexity within a target system.” 


In a world where the workforce is constantly on the move, AMTD is a more satisfying concept than the 
old-fashioned notion of a secure perimeter. While AMTD is an aspiration rather than a reality for most 
enterprises, elements of it are already available. 


For example, the Cloudbrink service uses transient points of presence (PoPs) called FAST edges, which 
are spun up on demand and spun down at the end of a session. Unlike ZTNA services that rely on 
dedicated physical PoPs, this means there are no permanent IP addresses to attack. 


Cloudbrink further shrinks the attack surface by sending traffic over multiple routes. Users of the service 
are connected to three FAST edges and the routes taken by traffic change each time they use that 
application. With no fixed route and no fixed network provider, potential attackers will struggle to find a 
target. 


The third element in the defensive armory is short-lived security certificates. Administering 
certificates is an operational headache, which is one reason many vendors leave them in place for 
anything from six months to ten years. Cloudbrink implements mutual Transport Layer Security (TLS) 1.3 
with certificates that are refreshed every eight hours. If an attacker does manage to copy a user’s 
certificate and key from their account or device, the stolen credential only works for a brief window 
before the next refresh leaves it expired. 
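What an eight-hour certificate actually buys you, shown as an added example that is not Cloudbrink’s code or any other vendor’s: the Go program below mints a demo root and two eight-hour Ed25519 certificates (one for a gateway, one for a user device), then runs a TLS 1.3 mutual-authentication handshake over loopback with both sides’ clocks pinned to a chosen instant, once inside the validity window and once nine hours after issuance. The names demo-root-ca, gateway.example and laptop-42.example, the loopback transport and the eight-hour constant are assumptions made for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

const SessionCertLifetime = 8 * time.Hour // the eight-hour refresh the article describes

// issue mints an Ed25519 key and certificate for name, valid from issuedAt for lifetime,
// signed by parent (a self-signed root when parent is nil).
func issue(name string, issuedAt time.Time, lifetime time.Duration, parent *tls.Certificate) (tls.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // demo-only serial
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name},
		NotBefore:             issuedAt,
		NotAfter:              issuedAt.Add(lifetime),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  parent == nil,
	}
	signer, signerKey := tmpl, any(priv) // self-signed unless a parent is given
	if parent == nil {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		signer, signerKey = parent.Leaf, parent.PrivateKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, pub, signerKey)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}, err
}

// IssueSessionCerts returns a long-lived demo root plus the eight-hour gateway and user-device certificates.
func IssueSessionCerts(issuedAt time.Time) (root, server, client tls.Certificate, err error) {
	if root, err = issue("demo-root-ca", issuedAt, 10*365*24*time.Hour, nil); err != nil {
		return
	}
	if server, err = issue("gateway.example", issuedAt, SessionCertLifetime, &root); err != nil {
		return
	}
	client, err = issue("laptop-42.example", issuedAt, SessionCertLifetime, &root)
	return
}

// Handshake runs a TLS 1.3 mutual-auth handshake over loopback TCP with both clocks pinned to now.
func Handshake(root, server, client tls.Certificate, now time.Time) error {
	pool := x509.NewCertPool()
	pool.AddCert(root.Leaf)
	clock := func() time.Time { return now } // lets expiry be shown without waiting; unset in production
	srvCfg := &tls.Config{MinVersion: tls.VersionTLS13, Certificates: []tls.Certificate{server},
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool, Time: clock}
	cliCfg := &tls.Config{MinVersion: tls.VersionTLS13, Certificates: []tls.Certificate{client},
		RootCAs: pool, ServerName: "gateway.example", Time: clock}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err
	}
	defer ln.Close()
	srvErr := make(chan error, 1)
	go func() {
		conn, err := ln.Accept()
		if err == nil {
			err = tls.Server(conn, srvCfg).Handshake()
			conn.Close()
		}
		srvErr <- err
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), cliCfg)
	if err != nil {
		return err // the client rejected the handshake (e.g. an expired gateway certificate)
	}
	conn.Close()
	return <-srvErr
}

func main() {
	issued := time.Now()
	root, server, client, err := IssueSessionCerts(issued)
	if err != nil {
		panic(err)
	}
	fmt.Println("1h after issuance:", Handshake(root, server, client, issued.Add(time.Hour)))
	fmt.Println("9h after issuance:", Handshake(root, server, client, issued.Add(9*time.Hour)))
}
```

Run it and the first handshake returns nil while the second is refused by the client before it ever presents its own certificate, with Go’s “certificate has expired or is not yet valid” error. That is the whole benefit: a certificate and key copied off a device stop working at the next refresh boundary without any revocation machinery, and the same check applies to the gateway side. It does not evict an attacker who keeps control of the device and simply receives the next certificate, so short lifetimes pair with device posture checks rather than replace them. Pinning tls.Config.Time is what lets the expiry be demonstrated without waiting eight hours; production code leaves it unset.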


Lastly, while everyone is focused on remote users, perhaps the most important (and most ignored) aspect 
of hybrid work is that the same users will be in the office two to three days a week. 


If a user was on a compromised network when they were traveling, you now have that user/device on 
your network. Now multiply that problem by tens of thousands of users and devices. 


Just because an employee carries a badge, it doesn’t mean you should give them unaudited access to 
your internal network. 


So, hybrid work is going to require a change of mindset that not only affects the view of external networks 
but internal ones too. You might think of the in-office network as a giant coffee shop network which 
delivers the same levels of security control as if the user were accessing your systems from an external 
network. 


What else needs to change? 


We believe that as more users become hybrid workers, it will no longer be acceptable to offer a different 
in-office and work-from-anywhere experience. Security will always be a top priority, but CIOs will not 
accept it as a valid excuse for a suboptimal user experience. They won't settle for security at the expense 
of performance. They will demand both. 


Whenever the new year rolls around, resolutions—to achieve a goal, improve a behavior or continue 
good practices—abound. And, while many resolutions center on personal goals such as fitness or 
finances, the increased sophistication of cybercrime in 2024 is a good reason to put online safety on 
your list this year. 


So, if you are looking to switch up your resolution this year but aren’t sure where to start, you can borrow 
from the cybersecurity experts. To help kickstart 2024, the Schneider Downs cyber team shared some 
tips on how to protect yourself online: 


1. Use a Password Manager — Password managers offer a convenient and secure method to 
access your accounts by allowing you to create, store and use strong passwords in a centralized 
manner. They also allow you to keep track of a variety of passwords for individual accounts, as 
you should never use the same password for more than one account in case of a breach. 


2. Uninstall Unused Apps — One of the simplest ways to keep your information secure is to uninstall 
unused apps from your smart devices. Even if apps are legitimate, many of them have default 
privacy settings that access your data and could potentially put you at risk if the app’s company 
is part of a breach. Be sure to take advantage of your smart device’s settings that may allow you 
to set up automatic app cleanup. 


3. Don’t Trust Unsolicited Phone Calls — Fraudulent phone calls, a phishing variant known as vishing, 
remain a popular tactic for threat actors. If you receive an unsolicited phone call asking for private 
or financial information, simply hang up. If you think the call may be legitimate, hang up anyway and 
call back on a number you have verified independently. While these attacks still happen, the good news 
is that many smartphones have built-in scam detection that flags suspicious calls before your phone rings. 


4. Stop Blindly Scanning QR Codes — One of the odd trends of the pandemic was the resurgence 
of QR codes as a conveniently contactless way to view information such as restaurant 
menus. Unfortunately, phishing attacks via QR codes (known as quishing) are on the rise, to the 
tune of 587% between August and September of 2023. QR codes are useful, but be cautious: use a 
scanner that previews the decoded link, check the domain before you open it, and remember that 
anybody can make a QR code, including those with malicious intent. 


5. Regularly Check if Your Information is Part of a Breach — Chances are your information has 
been part of a breach in recent years. If so, you may have received an email or letter with a vague 
explanation of the breach and an offer for free credit monitoring, but we recommend being 
proactive by using verified resources, such as https://haveibeenpwned.com, to find out if your 
information is exposed. If your data is out there, be sure to check your credit report, change 
passwords and check the breached party’s website for additional resources. 


Those are our cybersecurity resolutions for the new year, what are yours? 


Cybercrime is set to cost $10.3 trillion worldwide by 2025, and it’s growing fast. It’s a multi-pronged, 
mutating threat that excels at evading detection. But left unchecked, it can pose major systemic risks to 
critical infrastructure. For example, and rather alarmingly, ransomware accounted for 54% of 
cybersecurity threats in the European health sector between 2021 and 2023. 


Wherever your organization sits in the global cyber ecosystem, the customers and partners in your orbit 
depend on you having good cyber habits to stay ahead of threats and fix network vulnerabilities that could 
cripple an IT network, as well as the third parties it does business with. 


Think of it like driving a car. Every driver understands the importance of maintaining their vehicle: keeping 
it in good condition, checking the tyres, putting in the right fuel, keeping it safe, and keeping it insured. 
Your business’s cybersecurity is exactly the same, and we call this ‘cyber hygiene.’ 


Just as a driver maintains their vehicle, businesses need to maintain their cybersecurity. But the sad fact 
is that too many organizations are still failing to practice good cyber hygiene and leaving their networks 
wide open to attacks. Without good cyber hygiene, businesses are risking not just financial damage, but 
reputations that could be left in tatters: 10% of consumers will stop buying from a company if it suffers a 
data breach. It takes significant time and considerable effort to build trust with customers, and just one 
incident is enough to break it instantly or make it incredibly hard to rebuild. 


So, where are the blind spots that can make organizations vulnerable? And how can they ensure they 
are keeping themselves safe, and that the third parties and suppliers they engage with are protecting 
themselves too? 


There’s no room for complacency in cyberspace 


Cybersecurity is much more than just having a strong password, or a firewall. A common misconception 
about cybersecurity is that it's only relevant to businesses in the cyber space or those that handle 
sensitive data. Organizations might think they’re protected. But who can confidently say the same for the 
third parties they deal with...and even the third parties they then deal with? Returning to our car, think of 
your organization like the vehicle entering a series of roundabouts. 


Traffic can be flowing smoothly, until somewhere in the road network a crash happens, and the road is 
closed. The ripple effect from that causes disruption to the roads around it, including the one you are 
currently on. All of a sudden, and through no fault of your own, you are brought to a halt and unable to 
continue. Why? Because the network is interconnected. It’s the same for your digital networks. Today we 
are all digitally connected, and we all face cyber risks that ripple outward to threaten your security, and 
those of your third parties and suppliers. 


A high-profile example of this was a recent hack into a third-party vendor that caused multi-day outages 
to their client’s internal systems. The result? Financial losses estimated at nearly $9 million per day, a 
significant drop in the company’s stock price, and a loss of the one vital commodity no business can buy, 
trust. 


Keeping that trust will get harder as cyber threats evolve. It would be foolish for any organization to claim 
they have 100% security. A network system that seemed ‘healthy’ five years ago, or even one year ago, 
may now be at risk from new threats. While it’s not possible to avoid threats completely, organizations 
can take steps to mitigate the risk, and that starts with instilling good cyber hygiene habits. We've found 
that companies with good, ongoing cyber hygiene habits are breached much less frequently. In fact, 
businesses that deploy threat detection and response measures report breach event rates that are nine 
times lower than for companies whose hygiene rating is very bad. 


Take a closer look: one global Fortune 50 company realized that as its vendor portfolio grew, so did its 
potential attack surface. With detailed cyber risk assessments, the company gained ten times increased 
risk visibility, making it much more difficult to compromise. That’s a great example of how continuously 
recalibrating cyber hygiene practices can help businesses increase their resilience. 


The key steps to improve your cyber hygiene 


Earlier I likened good cyber hygiene to a driver maintaining their vehicle: checking the tyres, 
changing the oil, and so on. But even the best-maintained vehicle can be broken into or involved in a 
collision. This is where insurance comes in, to protect your vehicle against the unexpected and get you 
back on the road. 


As vendor networks grow in size and become more interlinked, good cyber hygiene habits can act as 
insurance in cyberspace. But as we know how quickly cyber threats can evolve, more businesses are 
becoming aware that they don't have to do it all by themselves. Automated risk assessments, continuous 
monitoring and the ability to pinpoint high-risk vendors can help businesses gain visibility on the blind 
spots that leave them exposed to danger — and act fast to avoid attacks. 


This is how we help organizations today. Trust is our business, and with increased investment in 
innovative technologies, combined with the fact that we monitor 19 million entities across all industries, 
businesses can now gain an enhanced understanding of the risks facing them, zoom in on suspicious 
network traffic spikes, and move fast to erect robust safeguards against DDoS and web application 
attacks. 


Prepare for today — and be primed for tomorrow 


In today’s interconnected cyber world, no business is immune from risk, no matter how well protected it 
is. With the wealth of data that we gather globally, we’re seeing more evidence of more geopolitical 
motivations and more systemic attacks. 


To protect the trust that your business depends on, you need to identify the threats you face today, and 
anticipate the ones you might face tomorrow. We’ve shown that those businesses which maintain good 
cyber hygiene habits and widen their visibility over their networks, and those of their partners, will be 
fitter, stronger and more prepared to withstand future threats. This enables them to build a stronger global 
digital ecosystem, building trust with customers and consumers. 


As technology rapidly evolves and advances, it can often seem inaccessible and intimidating for the 
everyday person. For Black Americans in particular, this feeling is even more prevalent: access to tech 
careers has historically been limited or shut off entirely. Fortunately, there are a growing 
number of ways in which members of the African-American community can take advantage of digital tools 
and use them as resources to learn, grow their networks, and develop paths into rewarding tech careers. 


In today's world, technology has become increasingly pervasive in our daily lives. From smartphones to 
laptops, these devices have become essential for staying connected and informed. However, it is 
disheartening to see that Black Americans continue to be underrepresented in the tech industry, facing 
a significant digital divide. 


Statistics reveal the extent of this issue: Black Americans make up 12 percent of the US workforce, but 
only 8 percent of employees in tech jobs, and just 3 percent of technology executives in the C-suite are 
Black. This means that many Black Americans in the tech industry are the only one in the room, with 
no one who looks like them in leadership. 


So how do we bridge this gap? 


There are 3 ways I'll lay out in this post today, but these are just 3 of many ways that we can work to 
increase diversity within the industry. 


Building Connections through Networking 


One of the most valuable resources in any industry is networking. The same applies to the tech industry 
- creating connections and building relationships with individuals already working in the field can open 
doors and provide valuable insights into the industry. For Black Americans, this can be especially 
important as it allows them to break into a field that has historically been closed off to them. Attending 
tech-related events, joining online communities, and participating in mentorship programs are all great 
ways to build connections and learn from those who have already paved the way. Additionally, platforms 
like LinkedIn provide a professional space for individuals to connect with others in their field of interest 
and showcase their skills, making it an essential tool for career development in the digital age. But it 
needs to be a two-way street. Organizations can and should do more to create networking opportunities 
and connect to the Black community. Sponsored programming workshops, hackathons, and initiatives 
on college campuses are just a few suggestions that organizations can take to bridge the gap and make 
meaningful connections with Black Americans in tech. 


Leveraging Corporate Diverse Hiring Practices to Make a Difference 


Diversity and inclusion are not just checkboxes to meet quotas but vital elements for the success of any 
company. Organizations unlock a treasure trove of unique perspectives and experiences that enhance 
their overall performance by actively seeking and hiring candidates from diverse backgrounds. Moreover, 
embracing diverse hiring practices is not only beneficial to the company but also plays a significant role 
in promoting a more equitable society by providing opportunities to underrepresented groups. 


By intentionally leveraging their hiring practices to uplift marginalized communities, corporations have the 
power to drive positive change both internally and externally. This can be achieved through various 
initiatives, such as establishing scholarship programs to support education and skill development for 
underprivileged individuals. Additionally, implementing targeted recruitment efforts that actively reach out 
to diverse talent pools can ensure a more inclusive hiring process. Furthermore, fostering partnerships 
with organizations that champion diversity and inclusion in the tech industry can create a network of 
support and collaboration for marginalized individuals. 


By going beyond mere lip service and taking concrete actions, companies can truly create a more 
inclusive and equitable future for all. This includes fostering a supportive and inclusive work environment 
that values and respects individuals from all backgrounds. Encouraging employee resource groups, 
providing mentorship opportunities, and implementing diversity training programs are some ways to 
cultivate an inclusive culture. 


Establish partnerships with HBCUs 


Establishing strong partnerships with Historically Black Colleges and Universities (HBCUs) is a strategic 
move that organizations should consider to develop a pipeline of Black talent in the tech space. These 
institutions have a rich history and legacy of nurturing talented Black professionals across various fields, 
including technology. Collaborating with HBCUs not only allows organizations to tap into a pool of highly 
skilled and diverse talent but also demonstrates their commitment towards fostering diversity and 
inclusivity. Partnerships could take the form of offering internships, scholarships or sponsorship of tech- 
oriented programs and projects at these institutions. By providing students with an early exposure to real- 
world projects and problems, these partnerships can also significantly enhance the students’ learning 
experience, preparing them thoroughly for their future roles in the tech industry. This approach helps to 
bridge the gap between academia and industry, creating a sustainable pathway for Black individuals to 
thrive in the tech world. 


The underrepresentation of Black Americans in the tech industry is a pervasive and deeply rooted issue 
that demands collective action to rectify. Bridging the digital divide involves not only nurturing networks, 
but also fostering an environment that supports and encourages diversity and inclusion. This can be 
achieved by leveraging corporate hiring practices to actively recruit and retain Black talent, establishing 
strategic partnerships with Historically Black Colleges and Universities (HBCUs) to provide educational 
and career opportunities, and investing in initiatives that promote access to technology for 
underprivileged communities. 


By implementing these measures, we not only pave the way for a more equitable tech space, but also 
foster a more innovative and vibrant industry. The inclusion of diverse perspectives and experiences 
leads to the development of groundbreaking solutions and drives meaningful progress in the tech sector. 


However, it is important to acknowledge that the fight for diversity in tech is an ongoing battle. It requires 
consistent effort and commitment from all stakeholders. I urge everyone to get involved, whether it's 
through mentorship programs, advocacy for inclusive policies, or simply spreading awareness about the 
importance of diversity in tech. Together, we can transform the landscape of the tech industry, making it 
a thriving, inclusive space for all individuals, regardless of their background or ethnicity. 
It’s often paid lip service to (or worse, intentionally neglected), and rarely appreciated, but there’s an 
operational cost to be paid for security. Security controls create inefficiencies, and those security 
measures can also introduce operational risk. By way of example, I recently came across an intriguing 
new anti-malware product that uses behavioral analysis to predict when file encryption is unauthorized, 
and therefore indicative of a potential malware attack. When it identifies such a scenario, it locks the 
encrypted files and those with access to them. Although a valuable backstop against perhaps the most 
common attack today, there is an undeniable operational risk that a false positive could temporarily deny 
file access to legitimate users, impacting the organization’s productivity. In this case it is likely a small 
price to pay for a critical layer of security, but it’s important to appreciate that the operational cost is 
finite, and the risk is non-trivial. 
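The false-positive risk described above can be made concrete with a toy behaviour-based detector. This is an added illustration with constructed file-write events, not the product the author mentions; the entropy threshold, burst limit, process names and the SHA-256 keystream stand-in for a cipher are all assumptions made for the demonstration.

```python
import hashlib
import math
from collections import defaultdict
from dataclasses import dataclass, field


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: ~8.0 for ciphertext, well under 6 for office text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def keystream_xor(data: bytes, key: bytes) -> bytes:
    """Toy stand-in for a real cipher (an assumption for the demo, not a recommendation):
    XOR with a deterministic SHA-256 counter keystream so the sample trace is reproducible."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


@dataclass
class WriteEvent:
    process: str
    path: str
    before: bytes  # file content before the write (empty for a new file)
    after: bytes   # file content after the write


@dataclass
class Detector:
    """Flags a process that repeatedly overwrites low-entropy files with high-entropy data,
    then 'locks' it, mirroring the behaviour the article describes."""
    entropy_threshold: float = 7.5    # assumed cut-off for "looks encrypted"
    burst_limit: int = 3              # assumed number of suspicious overwrites before locking
    trusted: frozenset = frozenset()  # processes authorised to write encrypted data
    _overwrites: dict = field(default_factory=lambda: defaultdict(int), init=False)
    locked: set = field(default_factory=set, init=False)

    def observe(self, ev: WriteEvent) -> bool:
        """Return True when this write pushes the process over the limit and locks it."""
        if ev.process in self.trusted:
            return False
        plaintext_before = bool(ev.before) and shannon_entropy(ev.before) < 6.0
        if plaintext_before and shannon_entropy(ev.after) >= self.entropy_threshold:
            self._overwrites[ev.process] += 1
            if self._overwrites[ev.process] >= self.burst_limit:
                self.locked.add(ev.process)
                return True
        return False


# Constructed sample data: four low-entropy "reports" on a file share.
PLAINTEXT = b"Quarterly report: revenue grew 4% while costs fell slightly. " * 70
DOCUMENTS = {f"/share/finance/report_{i}.txt": PLAINTEXT for i in range(4)}


def events_for(process: str, key: bytes) -> list:
    """Constructed trace: one process rewrites every document in place as ciphertext."""
    return [WriteEvent(process, path, content, keystream_xor(content, key))
            for path, content in DOCUMENTS.items()]


def simulate(trusted=()) -> dict:
    """Run two traces through one detector and report which process got locked.
    'unknown.exe' models ransomware; 'backup_agent' models an authorised job that encrypts
    backups in place. The heuristic sees identical behaviour, so without an allow-list the
    legitimate job is locked too: that is the false positive the text warns about."""
    det = Detector(trusted=frozenset(trusted))
    fired = {}
    for proc, key in (("unknown.exe", b"attacker-key"), ("backup_agent", b"backup-key")):
        fired[proc] = any(det.observe(ev) for ev in events_for(proc, key))
    return fired


if __name__ == "__main__":
    print("no allow-list:       ", simulate())
    print("backup_agent trusted:", simulate(trusted={"backup_agent"}))
```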
Perhaps the most obvious example of the impact of cyber security activities on business operations is 
the area of vulnerability remediation. In typical organizations, the cyber security team identifies 
vulnerabilities and passes that information along to the IT team to patch the vulnerable devices, a process 
that makes sense on paper but can generate understandable conflict in reality. Those two groups 
(Security and IT) have markedly different objectives. The cyber security team is obviously responsible 
for protecting the organization from cyber attack, while IT operators are driven by systems availability 
and corporate productivity. And, as anyone in IT knows all too well, patches can break stuff. Although 
system failures resulting from disruptive patches are much rarer today than, say, 20 years ago, IT 
operators are understandably apprehensive about playing Russian Roulette with their networks and, by 
extension, their careers. 


There are countless other examples of productivity-impacting security requirements that span the 
spectrum from annoyance (changing passwords) to policies with serious impacts on productivity 
(extensive third-party screening that can delay hiring critical vendors for months), and all of them are 
created with good intentions by security professionals with the best interest of the organization - or 
regulatory compliance - at heart. So how do security teams minimize operational risk and burden while 
still protecting the organization? 


The key to healthy, but not overbearing, cyber security is first a genuine recognition that all security is 
about managing risk, and that yet more tools and policies are not always a good thing. Security 
practitioners have to cultivate an appreciation for the impact their policies have on everyone in the 
organization, and that security is about managing risk, not a futile effort to reduce it to zero. In the case 
of cyber security, less may just be more. 


That appreciation, and the policies and activities that flow from it, should start with a recognition that just 
about all cyber attacks in today’s threat landscape originate from one of three techniques: 


• Stolen credentials 
• Phishing 
• Un-remediated vulnerabilities 


This reality should inform the decisions made by the cyber security team. From concept to 
implementation, the question should be asked constantly: will this policy or product materially reduce the 
organization’s exposure to an attack initiated by stolen credentials, phishing, or unpatched 
vulnerabilities? A companion question should ask whether the new policy or tool will limit the attack’s 
severity if it is successful. If the answer is not an obvious yes, the security team should reconsider the 
approach, especially if it has any discernible impact on operations. 


Doctors’ offices and government agencies are legendary for developing forms that require obviously 
unnecessary - or redundant - information from patients and citizens, the motivation for which it seems is 
simply because they can, and they’re utterly unconcerned with the experience, time, or frustration of their 
constituents. We've all been in organizations in which it seemed the security team’s policies were similarly 
developed with a wanton disregard for the experience or operational needs of the organization’s 
employees. Security teams and healthcare/government form designers would both do well to add this 
question to their vocabulary: 


Is this really necessary? 


Cyber Defense eMagazine — February 2024 Edition 51 


Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide. 
There is something to be learned from epic fantasy productions like Harry Potter: every few years, a 
gifted wizard appears who doesn’t yet know their potential and has the power to do big things. But when 
left untamed, without any guidance and direction, they become capable of wreaking havoc of massive 
proportions. In the real world today, that wizard is AI. 


President Biden’s AI executive order (EO)¹ is an attempt to give powerful stakeholders not only 
technological direction but also longevity of impact, through self-sustaining machinery built on mechanisms 
for reliability, equity and accountability. Aimed at balancing AI’s innovation potential, this order will set 
the tone for future AI regulations. 


The EO approaches the regulation of AI from multiple ends. Provisions like disclosure of the development 
process, model weight ownership, and results of “red-teaming” and safety testing for dual-use foundation 
models clearly demonstrate the aim to bolster transparency. Additionally, the directive to identify existing 
standards and practices relating to the authentication, labelling, testing and detection of synthetic content, 
and to develop guidance around techniques like watermarking, is a good first step towards removing 
discrepancies like biases, data hallucination and misuse of data. 


As a result of the order’s many provisions, testing of language models against multiple frameworks to 
ensure compliance will see a boost. Typically, software integration and algorithm testing are outsourced 
to system integrators (SIs) like TCS, Infosys and Wipro, among others. Hence, these players are likely to 
come up with dedicated solutions and toolkits for such workloads. 


Another area that can see a surge is LM-Ops (language model optimization) tools within generative AI. 
Prompts made to tools like ChatGPT must adhere to content safety regulations and need to be flagged 
when there is a discrepancy such as bias or harmful language. Hence, prompt optimization is a critical 
area, and because of generative AI’s rapid development, we see the new role of prompt engineer gaining 
importance day by day. 


Similarly, data annotation and data labelling are also likely to get a boost. Transparency in the 
development and use of AI requires clean data sets: the quality of the output is only as good as the data 
the model is trained on. Hence, technical capabilities that are precursors to developing an AI model are 
key. For example, Google used Snorkel AI to replace 100K+ hand-annotated labels in critical ML pipelines 
for text classification, leading to a 52% performance improvement. 


With the EO’s aim to promote the safe, secure, and trustworthy use and development of AI, the role of 
regulation takes center stage, shaping a future in which companies large and small can profit from AI 
while minimizing its unintended consequences. 


Market Dynamics: How the AI Order Affects Players 


All businesses that use AI will be impacted by the executive order, but the impact is not binary; there is 
nuance. It depends on the technological investment in AI and the complexity of the workload. 


It’s a no-brainer that AI adoption requires large investments, and large enterprises are well positioned to 
make them. They have the capital to undertake core AI development initiatives like building custom AI 
models, the way Meta and Google did with LLaMA and Bard. Once the regulations come into effect, their 
offerings will need to comply with the set standards. 


SMBs, on the other hand, might not have the same monetary capacity to commit a huge amount of money 
to complex technology projects. This disadvantage is compounded by the fact that SMBs are a big target 
for cyber attacks, and generative AI has a plethora of vulnerabilities that expose SMBs to attacks, 
heightening their cybersecurity concerns. For SMBs, simple workloads, like deploying a customer support 
chatbot, are more feasible. Once the regulations are in effect, SMBs can integrate regulation-compliant 
products and offerings into their workflows and reap the benefits that AI brings. In parallel, they can come 
up with LM-Ops solutions and dedicated toolkits the way small-scale ISVs do and expand their offerings. 




The implementation of regulations coming out of the order is poised to bring changes in the future, be it 
in the pace of business cycles, the types of solutions and offerings, business workflows or even the 
expansion of new revenue streams. 


AI-volution and the Future 


There has been a steady shift in certain processes, particularly where safety and the flagging of content 
are concerned. Traditionally, safety issues and disparities like biases would be flagged in retrospect, after 
AI applications were developed. While this approach does help identify the discrepancies and apply the 
lessons in future, it doesn’t solve the current problem. 


Responsible AI by design, as an approach, weaves in transparency, fairness and accountability right 
from the design phase. It focuses on how we can integrate responsible AI principles at the time of 
development of AI apps or foundational models, not after the process. It enables training algorithms in 
such a way that they adhere to the regulations from the start. 


Anthropic is a good example of a company that’s scaling AI safely and responsibly, with intentionality. 
They have also instituted a responsible scaling policy (RSP) aimed at mitigating catastrophic risks, in 
tandem with other measures to mitigate bias, toxicity and misinformation, protect customer privacy, 
build robust and reliable systems and use constitutional AI. In fact, their tool Claude 2.1 has made 
significant gains in honesty, with a 2x decrease in false statements compared to Claude 2.0, 
improving the overall accuracy of the tool for its users. 


Both regulation and intentionality are crucial to ensure that AI evolves in the right direction. The EO uses 
a combined approach of guidelines and regulation, encouraging companies to develop responsible AI 
applications and models. 


The future of AI is bright, but also uncertain. President Biden's executive order lays a framework to steer 
this powerful tool in a direction that maximizes business and societal benefit while minimizing harm. 
Regulation and intentional development focused on responsibility are crucial to ensure AI evolves safely 
and for the greater good. There will always be risks, but if we act thoughtfully the benefits will far outweigh 
them. 
AI Is Revolutionizing Phishing for Both Sides. 
What Will Make the Difference? 


Thanks to AI, phishing attacks are better than ever. So is our ability to stop them. 


By Antonio Sanchez, Principal Cybersecurity Evangelist, Fortra 


AI has always been a lurking threat in the context of cybercrime. Since it burst onto the scene in late 
2022, ChatGPT has been wielded by black hats of varying skill levels to make phishing attacks more 
convincing, more achievable, and more widespread. Not only has there been a rise in quantity, but — and 
here’s the aggravating part — in quality as well. 


Luckily, the tool can be used by both sides. The only question will be — who will use it better? 


Impact of AI on phishing 


“If it ain’t broke, don’t fix it.” Phishing as a cybercrime model has always been successful. Thus, we see 
phishers using generative AI to recreate the same old techniques, only better. The result? An unheard-of 
increase in phishing emails since the launch of ChatGPT. 


Phishing emails are now sent with perfect grammar and spelling in a multiplicity of languages, thanks to 
generative AI and large language models (LLMs). Need a phishing attack in perfect Japanese? Now you 
can get that. The ability of AI to function flawlessly in any language has opened up new regions for 
enterprising black hats. Additionally, the ability of AI to scour social media, and the internet at large, for 
personal details has made large-scale spear phishing a possibility. What used to take humans days now 
takes seconds or less. 


But wait — it gets worse. New AI techniques also make phishing attacks harder to detect. These detection 
evasion tactics ensure that attacks only present themselves to the intended target and otherwise ‘play 
dead’ for detection processes. They include anything from altering wording and sentence structure to 
generating polymorphic malware on the fly. 


And let's not forget the most powerful aspect of phishing — the social engineering craft. Thanks to 
generative AI’s new methods of identity falsification, it’s harder than ever to tell what’s real from what’s 
not. This is evidenced in deepfake videos, voice phishing, and even QR code phishing (quishing). 


Using AI to fight AI 


The good news is that AI is unbiased, at least in a security context. Whoever wields it can bend it to their 
will, and security hasn’t been slow to make use of it. 


In the fight against AI-based phishing, it is being used to trawl the web to identify new phishing 
infrastructure. It goes without saying that it can do this much faster than humans can. On that same note, 
AI is also being leveraged for its ability to spot divergent patterns across petabytes of data, thereby proving 
its usefulness in identifying stealthy attacks. Operationally, AI-based detection and response tools are 
helping overwhelmed teams level up without staffing up, and vetting alerts to reduce false positives, 
helping to avoid burnout and overwhelm. 


The only thing to remember is that AI is still the student, not the teacher. A human eye and mind are still 
required to make the hard calls, manage the decisions that come from data analysis, and (as of yet) 
deploy the systems in the first place. 


The Necessity of the Human Element 


It's clear that AI can only do so much on the defensive side. All the AI-gleaned data in the world is no 
good without the expertise to know what to do with it. Someone needs to create the workflows, someone 
needs to confirm and vet incident response, and someone needs to tell the other humans on the team 
when something is amiss. 


And that someone doesn’t always have to be Steve the IT Guy. All employees need to be aware of the 
latest cybercrime trends, especially those with non-technical roles, if there is any such thing these days. 
The head of HR needs to know the latest AI-driven phishing tactics as much as your system administrator, 
if not more. They need to know to be on the lookout for deepfakes, which emails sound “phishy,” and why 
they should always check with IT if Microsoft is sending them an unsolicited request to update their Teams 
login — again. 




That’s why security awareness training (SAT) is vital. Phishing simulation campaigns can educate your 
employee base about cutting-edge techniques and test their ability to recognize the real-world tactics of 
a modern-day phishing scam. The results might be illuminating, but with more practice, failure rates do 
decline. One global manufacturer saw phishing click-through rates drop from nearly 40% to under 15% 
after a SAT program. 


Conclusion 


Is AI changing the game for phishing? Yes, but the change is going both ways. In a way, we’re back to 
square one as we resume the cat-and-mouse game that is cybersecurity, but with race cars, if you will. 
The important thing is that the race hasn’t been won yet. 


As we continue to explore the varied uses of artificial intelligence, we can combine those capabilities with 
everybody’s secret weapons — yes, humans. The human element is not to be underestimated; not on 
security teams, and not among everyday employees. Two of the biggest weapons attackers have are 
ignorance and casualness, and by levelling up the security-mindedness of the average workforce, we 
can drastically reduce those and cut down on human error. Given the fact that AI cybersecurity tools can 
already stand toe-to-toe with AI-based phishing attacks, the difference may be enough to tip the scale. 
Given the fact that bad actors are always on the prowl, 2024 is off to a fast start with numerous 
cybersecurity incidents already occurring, affecting a myriad of industries, both large and small. What 
can we expect as the year progresses? Below, I address some of the major trends and developments 
that will shape the cyber landscape in 2024. 


In 2024, transitioning to quantum-resistant cryptography will become a mainstream boardroom 
discussion. No longer a buzzword or a topic to be tabled, becoming crypto-agile to prepare for 
post-quantum encryption will be a key focus for the C-suite. This shift has been massively supported by 
NIST’s development of quantum-resistant encryption and its impactful educational campaign on quantum 
computing’s threat to today’s encryption. They have now transformed a once theoretical discussion about 
decryption into a mainstream business focus. 


Certificate automation is poised to mark another significant milestone, transcending its previous 
enterprise-level boundaries to redefine businesses and sectors across all scales. The surge in 
automation will intricately weave together our already interconnected digital infrastructure, transforming 
it into a seamless entity of automated services. 


In the upcoming year, a decisive showdown will unfold, determining whether AI emerges as a formidable 
threat actor or the ultimate guardian of cybersecurity. In a race against time, hackers and cybersecurity 
professionals are actively harnessing the power of AI to fortify their respective endeavors. The 
culmination of this race will reveal whether AI stands as a potential menace or the most impactful 
emerging technology protecting our cybersecurity realm. 


2024 will be the year that the reliability of the digital record meets its demise as deepfakes fully undermine 
digital trust. Gone are the days when people could trust what they saw and heard. With the proliferation 
of deepfakes, every digital record, whether that be a photo, video or voice recording, could be a fake. 
Given our current reliance on digital records within our legal, security and digital systems, and without a 
solution, we will witness the crumbling of the systems that rely on biometrics to authenticate identity. 
Soon, all forms of recording devices will have a built-in encrypted timestamp, acting as a watermark at 
the time of capture. These encrypted watermarks must be built upon the only unimpeachable form of 
encryption, PKI, to separate authentic images from deepfakes and re-establish digital trust in images, 
videos, and recordings. 


This year, the security of digital identities will enter an era of either complete blanket security or 
fundamental foundational insecurity. Digital identities are everywhere and encompass all aspects of 
everyday life. Anything short of full-scale security is inadequate. Thanks to the saturation of digital 
identities, the days of unsecured digital systems are behind us. We are now in an everything-or-nothing 
era of either complete security or a rotting foundation. 


2024 will also be the year RSA comes under siege as researchers worldwide intensify their efforts to 
unravel its encryption. The revelation of Post-Quantum Cryptography (PQC) was a lightbulb moment for 
researchers, who realized they no longer needed an operational quantum computer to achieve 
decryption. Next year, more shortcuts to cracking RSA will be discovered as an influx of academics 
compete to breach encryption. Although RSA is not expected to succumb, it will undoubtedly grapple with 
an immense amount of pressure. 


Lastly, businesses will have the rug pulled from underneath them as digital certificate lifespans 
exponentially shrink. As leading web browsers continue to reduce the lifespan of digital certificates, 
businesses will face a major headache in replacing foundational elements of security. The impending 
shift will mean that foundational elements crucial to businesses will become notably challenging to 
replace once the new policy takes effect. 


In 2024, businesses must brace for a game-changing reassessment of security fundamentals that have 
long lingered in the shadows. 


About the Author 
In the last few years, an unprecedented number of stolen login credentials have been exposed in data 
breaches. Data Breach Search Engines (DBSEs) are increasingly providing public access to these stolen 
credentials. While designed to alert users to potential data exposure, these engines may unintentionally 
contribute to the growing cyber threat landscape by aiding malicious actors in exploiting stolen login 
credentials. 


Despite the fact that the past year witnessed an alarming rise in threats from malicious actors leveraging 
stolen login credentials, the potentially harmful role of DBSEs has been largely overlooked. 


DBSEs have existed for years with the purpose of informing individuals if their personal information was 
exposed in a breach. This involves seeking breached data from the dark net and making part of that 
information available to the public on the DBSE's website on the regular internet, also known as the 
"surface net." 
Traditionally, DBSEs would only inform visitors if their email address or username was listed in any data 
breaches, prompting them to change their passwords for a specific account. However, a new category of 
DBSEs has emerged, offering users access to raw data from breaches, including login credentials for 
other individuals. These new DBSEs are gaining popularity. 


This trend unfolds as the dark web underground market for stolen credentials is experiencing rapid 
growth. Demand is primarily driven by cybercriminals intending to use stolen credentials for malicious 
actions, as reported in Recorded Future's 2022 Annual Report. Recent trends reveal an increasing usage 
of stolen credentials for cybercrime, with Account Takeover fraud rising by 354% year-over-year in Q2 
2023, based on Sift's Q3 2023 Digital Trust & Safety Index. Additionally, 49% of data breaches last year 
involved using stolen credentials, according to the 2023 Data Breach Investigations Report (DBIR) by 
Verizon. 


Against this backdrop, DBSEs are making exposed credentials more accessible to the public. This marks 
a significant departure from the days when breached data was confined to the darker corners of the 
Internet. The F5 Labs 2021 Credential Stuffing Report notes that for malicious actors seeking victims’ 
login credentials, the entry barrier is diminishing. Access to exposed credentials used to demand a level 
of skill, funds, and/or personal connections, requiring expertise to hack a database, connections to elite 
sellers, or access to exclusive dark web markets. However, with increasingly mainstream services willing 
to sell verified credentials, anyone can obtain access. 


Nevertheless, even if DBSEs assist in exposing credentials, it's crucial to recognize that not all stolen 
credentials are the same. Hackers typically attempt to keep stolen credentials secret for as long as 
possible. Breached credentials lose value when they become public knowledge because victims promptly 
change their passwords, as stated in the Cofense 2023 Annual State of Email Security Report. F5 Labs 
corroborated this notion in its Credential Stuffing Report, tracking the path of stolen credentials from theft 
to public disclosure. As soon as the breach became public knowledge, the price of the credentials started 
declining. 


At this stage, after public disclosure and data posting, DBSEs first obtain the credentials. Therefore, 
DBSEs provide access to credentials when they are least valuable to criminals. 


However, the credentials accessible in DBSEs still hold value to criminals, particularly if victims reuse 
their passwords for multiple accounts. Password reuse has always been a problem, and SpyCloud’s 2023 
Identity Exposure Report found a 72% password reuse rate for users exposed in two or more breaches 
in the past year—an 8-point increase from 64% the previous year. As long as password reuse persists, 
old credentials will remain valuable to criminals. 


It's worth noting that there are potential benefits for victims using new DBSEs in certain circumstances. 
Traditional DBSEs were most helpful when a data breach originated from only one website, such as the 
Linked example mentioned earlier. However, some data breaches consist of login credentials from 
unknown sources. In those cases, a newer DBSE can identify which passwords were compromised. 


The Future: 


Based on current trends, DBSEs could play a more substantial role in supplying cybercriminals in the 
near future. The number of cybercriminals seeking credentials is growing, potentially including more 
individuals unable to access traditional suppliers like hacker forums and dark marketplaces. For those 
people, it may only be a matter of time before they start looking elsewhere for credentials. 


DBSEs appear to have a complex link to cyber threats, with both positive and negative effects on security. 
The cybersecurity research community has not sufficiently focused on DBSEs and their associated 
security implications, revealing a significant knowledge gap. Until cybersecurity research redirects 
attention to DBSEs, the true nature of their current and future role will be overlooked and unaddressed. 


About the Author 


Tom Caliendo is a security consultant and a freelance writer. He is the author of 
The OSINT Guide, (see theosintguide.com) and is an established expert in the 
field of open source intelligence (OSINT). His work as a freelance writer focuses 
on new developments in cybersecurity, privacy, and Deep Web OSINT. 


Formerly a private investigator, Tom has over 20 years of investigative and analytic 
experience in matters ranging from cryptocurrency investigations, information 
security, and social media analysis. He is also Co-Founder of the research and 
literary firm Brockett Consulting. 


Tom can be reached online at Tom@BrockettConsulting.com and at our websites 
BrockettConsulting.com and TheOsintGuide.com 




Newer and more impactful technological advancements are making the quest for foolproof cybersecurity 
measures more critical than ever. As organizations are doing everything they can to protect sensitive 
information, biometric security systems have emerged as a front-runner. Among these, voice ID systems 
are a critical component that organizations rely on as an additional layer of authentication. For all their 
advantages, these state-of-the-art systems must still undergo rigorous voice ID penetration testing to 
prove their worth as an innovative technology that enhances cybersecurity defenses. 


Voice ID systems have become integral components of modern security frameworks. These systems 
specialize in processing and isolating the unique vocal characteristics of individuals to grant or deny 
access to secured resources. By identifying different aspects of speech that are unique to every person’s 
voice, such as pitch, tone, and cadence, these systems excel at creating a distinct voiceprint for every 
user. Voice ID systems are widely adopted in sectors ranging from finance and healthcare to government 
agencies due to their efficiency and user-friendly nature. 


The advantages offered by voice ID systems are many. By providing a seamless and convenient user 
experience, they’re able to eliminate the need for passwords or PINs. Voiceprints are also difficult to forge, 
which is one of the reasons organizations invest in them as an extra layer of security. Moreover, voice ID 
systems are non-intrusive, offering a hands-free and natural means of authentication. 


Here are some types of penetration testing. 
Network penetration testing 


In the intricate landscape of cyber threats, network infrastructure stands as a prime target for attackers. 
Network penetration testing is known for its rigorous ability to expose weaknesses. Firewalls, routers, 
switches, and other network devices are spared no exposure. It tirelessly works to uncover and expose 
weaknesses that would-be intruders could exploit for unauthorized access in the future. Armed with its 
arsenal of tools and techniques, the penetration testing team rigorously evaluates the efficacy of network 
security controls. 


Web application pen testing 


Web applications, the lifeblood of modern business operations, often become battlegrounds for 
cybercriminals. Ethical hackers engage in web application penetration testing to unveil security flaws 
lurking beneath the surface. From SQL injection to cross-site scripting and insecure authentication 
mechanisms, no vulnerability goes unnoticed. This comprehensive examination encompasses both back 
and front-end components, creating a detailed map of potential weaknesses that could lead to data 
breaches and unauthorized access. 


Mobile application penetration testing 


In an era dominated by mobile apps, securing these digital companions is paramount. Mobile application 
penetration testing has evolved into an absolute necessity. Security experts are constantly assessing 
applications on various platforms and mobile devices. The list of potential vulnerabilities is long; among 
them are data leakage, insecure data storage, and feeble authentication mechanisms. These are among 
the most heavily scrutinized to ensure robust protection against potential threats. 


Wireless network pen testing 


The ubiquity of wireless networks brings unique security challenges, making them susceptible to 
unauthorized access and eavesdropping. Wireless network penetration testing specifically targets Wi-Fi 
networks, Bluetooth connections, and other wireless technologies and goes to work on their existing 
defenses. Testers actively hunt for weak encryption, unauthorized access points, and looming threats 
like potential man-in-the-middle attacks. 
Social engineering testing 


In the ever-evolving landscape of cyber threats, human vulnerabilities often stand out. Social engineering 
testing involves manipulation, coercing individuals into revealing sensitive information or performing 
specific actions outside the normal range of routine operations. Employing tactics like phishing emails, 
phone calls, or impersonation, penetration testing services gauge an organization's susceptibility to such 
attacks. This not only uncovers potential weaknesses but also assesses the level of awareness among 
employees regarding social engineering tactics. 


Penetration testing is not just a technical exercise; it's a strategic endeavor to fortify the ever-changing 
cybersecurity landscape. As organizations navigate the digital realm, these diverse testing methodologies 
act as guardians, unveiling vulnerabilities and enhancing defenses. The synergy between ethical hackers 
and cutting-edge technologies ensures that organizations remain a step ahead in the relentless battle 
against cyber threats. In this dynamic cybersecurity dance, penetration testing emerges as the 
choreographer, orchestrating moves to safeguard digital assets and maintain the integrity of the virtual 
realm. 


Voice cloning in cybersecurity pen testing 


One groundbreaking technology making waves in the realm of voice ID pen testing is Respeecher's 
real-time voice cloning. This innovative solution rigorously challenges voice recognition systems, 
assessing their capability to discern synthetic voices and counteract potential voice cloning attacks. 


With Respeecher's technology at their disposal, security researchers now have the ability to craft 
synthetic voices that remarkably mirror the tones and nuances of legitimate users. By doing so, they 
can accurately simulate a voice cloning attack, wherein an assailant endeavors to replicate a genuine 
user by employing a synthetic voice that closely mimics the user's natural vocal characteristics. 


The integration of Respeecher's voice cloning technology into pen testing empowers security 
researchers to uncover vulnerabilities within their voice recognition systems. This covers the process of 
identifying potential loopholes that could enable an attacker to circumvent the authentication process 
through the use of a synthetic voice. What sets the technology apart is its comprehensive approach to 
testing the resilience of voice recognition systems. It goes beyond the standard evaluation by subjecting 
the system to various types of synthetic voices, encompassing alterations and synthesis through 
diverse techniques. This meticulous process of testing and retesting ensures that a system that passes 
is fortified against an array of potential threats, ranging from basic impersonation attempts to 
sophisticated voice cloning attacks. 


By simulating the dangers created by synthetic voices, Respeecher's technology equips organizations 
with the insights needed to bolster their defenses effectively. As organizations navigate the complex 
terrain of cybersecurity, the integration of Respeecher's voice synthesis technology emerges as a 
proactive strategy. It not only identifies potential risks but also enables security teams to stay ahead in 
the ongoing cat-and-mouse game with cyber adversaries. 


The Respeecher difference 
Voice ID penetration testing is a critical component of a comprehensive cybersecurity strategy. By 
leveraging innovative technologies like Respeecher's real-time voice cloning, organizations are always 
one step ahead of cyber threats with fortified biometric security systems that ensure the protection of 
sensitive information. Despite their merits, voice ID systems are not immune to vulnerabilities. As 
technology evolves, so do the methods employed by malicious actors to exploit weaknesses. 
Organizations must stay vigilant of new and potential threats by keeping their thumbs on the pulse of 
biometric security integrity. 


About the Author 
The modern world of DevOps means relying on our code connecting to outside services and components 
imported at run time. All of this access is predicated on secrets, the credentials such as API keys and 
passwords granting any needed access. Ideally, these secrets should be stored safely in vaults, secret 
management platforms, or `.env` files located safely outside of version control. 


Unfortunately, all too often, secrets end up in places they shouldn't, such as in the code as plaintext or in 
a `.env` file shipped with the project and visible to anyone who has access. This continues to be a 
growing problem, as evidenced by the millions of secrets GitGuardian reported in our annual report. 


Furthermore, this issue of secrets sprawl is not limited to in-house-produced code. It is also a serious 
problem for third-party software we incorporate into our ecosystems. Unlike our custom code, usually 
meant to run within our data centers or cloud providers, third-party code, such as PyPI packages, is 
most often intended to be freely distributed as open-source software, so any credentials that are included 
could be seen by hundreds or potentially even millions of developers before the issue is discovered. 
At GitGuardian, we worked with security researcher Tom Forbes to scan every PyPI project for embedded 
secrets. PyPI, the Python Package Index, serves the Python community as the official third-party package 
management platform. We analyzed over 450,000 projects containing over 9.4 million files across 5 
million released versions. This is what we found: 


- Total unique secrets found: 3,938 

- Unique secrets found to be valid: 768 

- Total occurrences of secrets across all releases: 56,866 
- Projects containing at least one unique secret: 2,922 

- Individual types of secrets detected: 151 


Caption: Distinct secrets by detector over time 


Given the research was on Python code, it should not be a surprise that files with the extension `.py` 
were the number one source for hardcoded credentials. Next most common were configuration and 
documentation files such as `.json` and `.yml` files. We also found valid secrets in some unexpected 
places, such as 209 README files and test folders with 675 unique secrets. 


Caption: Most common types of files other than .py containing a hardcoded secret in PyPI packages 
Emergent trends 


While everything from Redis credentials to Azure Keys were found among the releases, a few notable 
trends become apparent in our analysis: 


- Google API key leaks have grown steadily over time, including a very large spike that occurred in 
2020. 

- Telegram bot tokens, found to be valid, have been leaked with increasing frequency, notably 
doubling in the first part of 2021 and spiking again in early 2023. 

- A significant spike in leaked database credentials started in 2022 and continued through the end 
of the research window. 


Same secret, different releases 


One thing that might stand out from these findings is the unbalanced ratio of unique secrets found vs 
total found across all releases. This is evidence that once a developer adds and publishes a secret, it is 
likely going to stay in the code across multiple releases. This is due, in part, to the fact that publishing 
tools lack sensible defaults for ignoring files. PyPI lacks safeguards for what you exclude from a 
distribution. 


For example, Python does not honor `.gitignore` settings when a package is built. While `.gitignore` is 
great for keeping files out of your git history, that is the whole of its job. There are solutions like 
`setuptools-git`, which you can use to safeguard against accidental inclusion. This works for local configuration 
files, like `.cookiecutterrc` and `.pypirc` files. For reference, we found 43 `.pypirc` files containing PyPI 
publishing credentials. 


Yanked files are still accessible 


When a developer releases something they didn't intend to, their instinct might be to yank it back out of 
the project. Unfortunately, the yanking mechanism in PyPI does not actually remove the file from the 
server; it only marks the file to be ignored by an installer by default. If a user specifies the yanked version, 
it will still be used. The file is still downloadable, likely forever. Files are only completely removed from 
PyPI if they have known malicious code. 


Valid secrets granting unintended access 


Here is a partial list of the most common types of valid secrets we found, which could give anyone access 
to the associated systems. 
- Auth0 Keys 

- Azure Active Directory API Keys 

- Database credentials for providers such as MongoDB, MySQL, and PostgreSQL 

- Dropbox Keys 

- Coinbase Credentials 

- GitHub OAuth App Keys 

- SSH Credentials 


While it is tempting to focus on the larger numbers of total occurrences found, the secrets found to be 
valid pose the most immediate and critical threat. The researchers used ggshield, the GitGuardian CLI, 
for their research, which looks for over 400 types of secrets, both specific detectors and generic patterns, 
with a built-in validation process. Not all secrets can be checked for validity, but at the time the research 
was conducted in October 2023, over 190 specific types of credentials could be validated. 


It is important to note that just because a credential cannot be validated does not mean it should be 
considered invalid. Some systems, such as Hashicorp Vault, Kubernetes clusters, Okta, or Splunk, do 
not yet offer a non-intrusive way to test if a credential is valid. Rather, you should think of these findings 
as divided into 'valid' and 'yet to be validated.' 


Work safely 


Here are some tips on how to avoid accidentally including secrets in your PyPI, or any other projects. 


Avoid plaintext credentials in code 


If you never add a secret to your code, then there is no way for it to end up in your PyPI package. Easier 
said than done, we admit, but this is a skill just as valuable as avoiding infinite loops or stack overflows 
in your code. There are multiple tools that make it easy to programmatically read values from 
files outside of version control, such as `python-dotenv`. 


While a well-managed `.env` file is a practical solution, you can stay even safer by leveraging Cloud 
Secrets Managers, such as Azure Key Vault or AWS Secrets Manager. These secrets managers can be 
used to create and use secrets across cloud infrastructure, come standard with most modern cloud 
providers, and are very well documented. 


Scan before you release 


Removing a secret from an uncommitted file is easy and very inexpensive. Removing that same secret 
from shared code is practically impossible and a time drain. We always want to 'shift left' and test early 
and often, especially when secrets are involved. Performing a secrets scan before you release, or before 
you even make a commit, is the most cost-effective way to ensure a secret does not get leaked. 
There are multiple tools that will let you automate the scanning process, such as ggshield, which you can 
use in a pre-commit Git hook. Aside from just finding the secret, any good scanner will also provide 
information such as type, number of occurrences, and if the secret is valid. 
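As an added illustration of the pre-release check described here (and of the point made earlier that local files such as `.pypirc` or `.env` end up inside built distributions), the following is example code written for this article, not GitGuardian's code and not how ggshield is implemented. It walks the tree that would be packaged, flags file names that should never ship, matches a handful of publicly documented token formats, reports unique secrets separately from total occurrences, and keeps every hit in the 'yet to be validated' bucket unless a caller-supplied validation callback says otherwise. All sample keys and file contents are constructed placeholders.

```python
"""Pre-release secrets check for a Python distribution tree (added example)."""
import os
import re
import sys
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

# Local publishing/config state that must never be included in a distribution.
FORBIDDEN_FILENAMES = {".env", ".pypirc", ".cookiecutterrc"}

# Publicly documented token shapes. A format match is not proof the secret is live.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b"),
    "telegram_bot_token": re.compile(r"\b\d{8,10}:[A-Za-z0-9_\-]{35}\b"),
    # Generic pattern: a secret-looking name assigned a quoted literal of 8+ chars.
    "generic_assignment": re.compile(
        r"(?i)\b(password|passwd|secret|api_key|token)\b\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}

# (detector, secret) -> True (valid), False (invalid) or None (cannot be checked).
Validator = Callable[[str, str], Optional[bool]]


@dataclass(frozen=True)
class Finding:
    path: str
    detector: str
    secret: str
    status: str  # "validated", "invalid", "yet to be validated" or "n/a"


def scan_files(files: Dict[str, str], validator: Optional[Validator] = None) -> List[Finding]:
    """Scan an in-memory mapping of relative path -> text content."""
    findings: List[Finding] = []
    for path, text in files.items():
        name = os.path.basename(path)
        if name in FORBIDDEN_FILENAMES:
            findings.append(Finding(path, "forbidden_file", name, "n/a"))
        for detector, pattern in PATTERNS.items():
            for match in pattern.finditer(text):
                # Use the last capture group when the pattern has one, else the whole match.
                secret = match.group(match.lastindex or 0)
                status = "yet to be validated"
                if validator is not None:
                    result = validator(detector, secret)
                    if result is True:
                        status = "validated"
                    elif result is False:
                        status = "invalid"
                findings.append(Finding(path, detector, secret, status))
    return findings


def unique_secrets(findings: List[Finding]) -> Set[Tuple[str, str]]:
    """Distinct (detector, secret) pairs; one secret copied into five files counts once."""
    return {(f.detector, f.secret) for f in findings if f.detector != "forbidden_file"}


def scan_tree(root: str, validator: Optional[Validator] = None) -> List[Finding]:
    """Read every UTF-8 text file under root and scan it; binaries are skipped."""
    files: Dict[str, str] = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            try:
                with open(full, "r", encoding="utf-8") as fh:
                    files[os.path.relpath(full, root)] = fh.read()
            except (UnicodeDecodeError, OSError):
                continue
    return scan_files(files, validator)


# Constructed sample tree. Every value is a made-up placeholder, not a real credential
# (the AKIA value is the public example key from AWS's own documentation).
SAMPLE_FILES = {
    "pkg/config.py": (
        "# constructed placeholders\n"
        'GOOGLE_KEY = "AIzaSyA1234567890abcdefghijklmnopqrstuv"\n'
        'ACCESS = "AKIAIOSFODNN7EXAMPLE"\n'
    ),
    "README.md": "Bot token: 123456789:ABCdefGHIjklMNOpqrSTUvwxYZ012345678\n",
    "tests/test_db.py": (
        'password = "hunter2hunter2"\n'
        'KEY = "AIzaSyA1234567890abcdefghijklmnopqrstuv"  # same key copied again\n'
    ),
    ".pypirc": "[pypi]\nusername = __token__\npassword = pypi-placeholder\n",
}

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for rel, text in SAMPLE_FILES.items():
            full = os.path.join(tmp, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(text)
        found = scan_tree(tmp)
    for f in found:
        print(f"{f.path}: {f.detector} [{f.status}]")
    print(f"{len(found)} findings, {len(unique_secrets(found))} unique secrets")
    sys.exit(1 if found else 0)  # non-zero exit blocks a pre-commit hook or release job
```

Run against the directory a build would package (or the unpacked sdist itself) and wire the exit code into a pre-commit hook or CI job. The `validator` hook is where a real scanner's non-intrusive validity check would plug in; without one, nothing is reported as invalid, which mirrors the article's advice to treat unvalidated hits as 'yet to be validated' rather than safe.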


PyPI secrets sprawl is solvable 


Unique secrets added over time 


The research ultimately reveals the disturbing trend that the number of secrets being added to PyPI is 
growing steadily over time. In the last year alone, the research shows over 1,000 unique secrets have 
been added via new projects and commits on PyPI. While this might sound discouraging, this is a 
challenge we believe can be addressed through raising awareness, education and ever-improving 
developer tooling. We hope the findings of this report help you with raising the issue within your 
organizations and projects. 


The Python community continues to innovate and work to make all developers’ lives better. Donating 
useful code back to the community is something we hope to see more people do, but we want to see it 
done safely. GitGuardian can help you work safely and keep your projects free of secrets. The 
GitGuardian Secrets Detection platform is free for open source contributions and teams with 25 or fewer 
developers. We want to make sure your shared code contains only the intended logic and not your valid 
secrets. 


> Hear directly from Tom Forbes about his PyPI research in his appearance on The Security Repo 
Podcast. 


EMBED: https://www.youtube.com/watch?v=AhH0aGFPo0O04 
Good Security Is About Iteration, Not Perfection. 


By Craig Burland, CISO, Inversion6 


In the dynamic and unpredictable realm of cybersecurity, striving for perfect solutions can be a 
futile and counterproductive pursuit. There are too many threats to address. Too many battles 
to be fought. Too many risks to mitigate. The defender community needs to adopt a more 
practical, innovative, and scalable approach to security by choosing iteration over perfection. 
The wisdom of the philosopher Voltaire, “don’t let perfect be the enemy of good,” is pivotal in this 
regard, emphasizing the importance of achievability. There is good reason the movement 
“Secure by Design” isn't called "Perfectly Secure by Design". 
Going Medieval 


In building our cyber capabilities, we can look to the development of medieval fortifications as a 
compelling analogy. Early defenses were primarily designed to counteract localized raids and 
small-scale warfare. These wooden fortifications provided quick, cost-effective protection 
against attackers lacking advanced siege equipment. However, as offensive threats evolved, so 
did the must-have features of the fortifications. Stone replaced wood. Wider moats, taller towers, 
and arrow slits were added to resist more capable attackers. This continuous process of 
innovation, adaptation, and improvement is a blueprint for the iterative approach necessary to 
do business securely in the 21st century. 


Embracing Iterative Security 


Think of the hapless feudal lord who pitched building a massive stone structure to their king in 
response to spear-wielding local bandits. "Milord, for a mere 50,000 sovereigns, we will be safe 
from these brigands in a mere 10 years' time!" Not only did their funding request likely get 
denied, but their town also likely got sacked while they were getting estimates from the stone masons. 


Iterative security is about continually adapting security measures in response to the current 
landscape of threats and vulnerabilities while evaluating emerging threats. This approach 
acknowledges that cybersecurity is a journey, not a destination. It acknowledges the uncertainty 
of likelihood and impact in risk calculations and factors that into prevention and detection 
strategies. Not every threat warrants a best-in-class platform and top-flight resources in 
response. Sometimes, open-source tools running on the intern's laptop are good enough. 


Benefits of Iterative Security 


- Speed: Iterative security allows organizations to respond swiftly to emerging risks. A complete fortification of wooden walls is far better than a half-finished wall of stone. In cybersecurity, it's common that the best response to a new threat is visibility. This can be done quickly and easily, answering questions like, "How big is the problem?" and "What is our exposure?" 

- Focus: This approach allows organizations to prioritize and address the most critical risks first, much like how the most vulnerable parts of a castle were reinforced first. Lesser threats can remain in "visibility-only mode" until the threat level warrants further investment. 

- Innovative: Iterative security fosters an environment where innovation thrives. New attacks spawn new ideas and new solutions. Just as medieval castles evolved over time to incorporate architectural and defensive enhancements, our cybersecurity defenses become stronger and more resilient as the threat level rises. 


Implementing Iterative Security 


- Adopt Agile Development Practices: Agile development is built on constant improvement and prioritization based on the demands of the customers, market, or competition. Cybersecurity can follow the same path, delivering incremental improvements quickly and efficiently. 

- Perform Regular Security Assessments: Periodic reviews ensure threats are understood and vulnerabilities are identified, much like routine inspections and upgrades of a fortress. Iterative Security doesn't mean waiting to get compromised before innovating. 

- Foster Security Awareness: Educating the organization about security practices helps identify potential threats and, in turn, trigger analysis and response. "Milord, you know that we use the back stairs and that unlocked door in the wall to fetch your ale, right?" 


Conclusion 


Like those ancient defenders, we must face external threats quickly and efficiently. Not every 
barbarian sighting warranted building 40-foot stone walls and conscripting all the villagers. Not 
every script kiddie warrants a cutting-edge, million-dollar platform. Cybersecurity is a highly 
dynamic and rapidly evolving space. Our cybersecurity strategies should be the same. As 
CISOs, our goal is to create systems capable of mitigating threats and responding to new 
challenges without hamstringing the business. Chasing perfect security and zero risk is both 
costly and unattainable. The iterative approach to cybersecurity offers a pragmatic and effective 
strategy for protecting modern organizations. It not only ensures a strong current-state posture, 
but it also supports the agility and innovation essential for businesses to thrive in today's digital 
world. In simple terms, don't build an impressive stone tower when a simple wooden fence will 
do. 
For cybersecurity professionals, remaining effective requires staying on top of a constantly evolving 
arsenal of attack strategies deployed by hackers. As soon as one area is secured, another can come 
under siege. In some cases, the hackers keep their focus on the same sector, simply changing the attack 
vector to account for new security controls. As we approach 2024, the following are some of the hacking 
and cybersecurity trends that technology and security professionals should be on the lookout for. 


A recent report shows ransomware attacks are on the rise. During the third quarter of 2023, organizations 
reported nearly twice the frequency of attacks they endured during the same quarter in 2022. The same 
report showed a shift in ransomware attacks from weaponizing Managed File Transfer apps to exploiting 
vulnerabilities. Recent media reports have shown that while new vulnerabilities continue to be discovered, 
recent attack trends focus on weaponizing old vulnerabilities. 


Reports in 2021 suggested cyber attackers were targeting companies with cybersecurity insurance, 
explaining that companies with insurance were thought to be more likely to pay ransoms than those 
without since the policy covered their losses. While it is difficult to prove the logic, it has led some 
insurance companies to exclude ransomware attacks from cyber insurance policies, forcing organizations 
to rethink their strategies for responding to such attacks. 


In terms of ransomware targets, healthcare organizations were reportedly the most frequently attacked 
during 2022, with critical manufacturing attacks ranking second on the list and government facilities 
ranking third. In 2023, healthcare remained a top target, though some experts predict a shift in 2024, 
marking the education sector as a new priority target. 


IoT security 


A report issued in 2023 on IoT security revealed that the average home in the US has 46 devices 
connected to the internet. Every 24 hours, those devices were targeted by an average of eight attacks, 
including DDoS attacks and IoT malware. Experts expect IoT attacks to continue to rise in 2024 due to 
the lack of standardized security requirements in the IoT industry. 


The trend toward remote and hybrid work, which is expected to continue in 2024, means IoT vulnerabilities are 
a growing concern for many organizations. IoT vulnerabilities can give hackers access to employees' 
home networks, which are now frequently connected to work networks. Trends in IoT-related 
cybersecurity include enhanced training on cyber threats for employees. 


AI-driven attacks and defenses 


As the capacity and availability of artificial intelligence tools have grown, both cyber attackers and cyber 
security experts have found creative ways to apply them to further their goals. For example, AI-powered 
tools can be used to analyze security systems and uncover vulnerabilities, an exercise that can help both 
attackers and defenders. 


Generative AI tools like ChatGPT are predicted to play a role in crafting more effective cyberattacks in 
2024, especially in the area of social engineering attacks. Generative AI tools can analyze communication 
patterns and assist cyber attackers in preparing messages with a higher chance of fooling victims. AI's 
ability to support deepfake audio recordings could also be used to improve the effectiveness of vishing 
attacks in 2024. To respond to improved social engineering attacks, zero trust will become a normal part 
of corporate cyber security policies. 


Experts are also predicting that AI-powered tools could be used to address the ongoing workforce 
shortage in the cybersecurity space. AI-powered automation could manage security tasks that involve 
analysis of large data sets, such as scanning files for signs of malware or monitoring network activity to 
detect attacks as they are occurring. These systems could be used to trigger security protocols to isolate 
the impact of attacks once threats are detected. 


The overall approach of cyber attackers will remain unchanged in 2024: identify and exploit 
vulnerabilities. Organizations should expect, however, that attacks will grow in volume and creativity as 
bad actors learn to leverage AI-driven tools for automation and data analytics. To fight back, organizations 
must ensure security is up to date, employees are educated on threats, and AI is used to support efforts 
as much as possible. 
Let's say you cherished your music collection, arranged in racks of CDs on your wall — and then you 
woke up one day and realized that digital downloads and streaming services have made your collection 
obsolete. For many enterprises today, working with their identity governance and administration (IGA) 
and identity access management (IAM) solutions is like that. It’s time to consider an alternative that 
increases security, productivity, and compliance. 
Legacy solutions hinder an organization's ability to innovate and grow. On average, businesses spend 
30% of their IT budgets on managing legacy solutions. While companies might be able to get by with the 
drawbacks of outdated solutions for some functions, this isn't something you want to risk when it comes 
to security. Legacy solutions are forced to keep and maintain a sizable amount of bespoke code, which 
makes upgrades expensive and therefore rarely done. With these solutions being harder to update, 
implementing new features, bug patches and capabilities to support new business and regulatory 
requirements becomes harder, and customers suffer as a result. 


The original generation of IGA solutions relies on customized code, which is exceedingly challenging for 
enterprises to maintain in their environments. It’s like trying to find someone to fix your CD player; they’re 
hard to find these days. Implementations are cumbersome and require expert knowledge for basic tasks, 
and every solution upgrade to newer versions comes with hard-to-determine risk, a timely project and 
significant cost. However, after learning from the coding requirements of days gone by, today’s IGA now 
offers a far more straightforward method of granting users varying levels of access. 


When you extend an IGA solution by customization and coding, you need to be able to continuously 
maintain it. Customizations made 10 to 15 years ago will require development skills in older programming 
languages (e.g. Java, C++), as well as domain expertise on what that code actually does. This impacts 
resourcing, since even if you still have the staff for it, they are likely working on other projects — and 
maintaining code from 15 years ago is a major time sink for innovation and newer projects. 


Shorter time to value 


Initially, IGA was driven by compliance requirements, and while this is still a true need for deploying IGA, 
the rising threats and attacks on identity are placing bigger expectations on IGA to help reduce the identity 
attack surface. 


Value can now be delivered in shorter time spans thanks to standards-based integrations and enriched 
data flows with third-party components. The ability to implement deeply and broadly at a high pace has 
significantly reduced the time-to-value for businesses, lowering costs along the way. It's like exchanging 
your wall of CDs for the option to access your music collection via a streaming service. 


Exploring IGA trends 


There are currently two contradicting trends in IGA: vendor consolidation versus best-of-breed. A 
platform player may be a good choice for small and low-complexity companies. But with more regulations 
and the explosion of identities and systems, more organizations are confronted with the limitations of 
platforms that often provide good-enough or basic functionality, but are hard to extend. 


A few things to consider when it comes to these trends are: 


- Competition on connectivity: Platforms offer fewer choices in connectivity to other IAM solutions (which they compete with). Because the modern enterprise cybersecurity landscape contains a selection of solutions optimized to suit the business needs, the ability to collaborate and seamlessly integrate is key for meeting future demands. 

- Best of one world, worst of all others: Most platforms got their start by offering one great solution. They then acquire one or more industry solutions in adjacent parts of IAM and position themselves as a platform. But the level of integration is weak, and there is no added value unique to the platform. In most cases, the added solutions to the platform are not leaders in their category but are often second- or even third-tier, so customers adopting the platform are settling on subpar technology for parts of their identity fabric. 

- "Rip and replace" is for bandages only: IAM consists of many components. Most companies already have several vendors in-house, providing Access Management (AM), Privileged Access Management (PAM), Single Sign-On (SSO), Identity Threat Detection and Response (ITDR), Customer Identity and Access Management (CIAM) or closely related functionality like Security Information and Event Management (SIEM) solutions. Consolidation will take a long time, and the dependency on a single vendor is a risk in a highly dynamic, regulated environment. Adding a component that is focused on open integration with all kinds of systems is beneficial, as it frees you from dependency and allows you to always make the solution decision optimized to your business needs. Selecting best-of-breed vendors lowers the risk of functional gaps that can become disruptive to the rest of your infrastructure in the process. Doing a "rip and replace" to use the platform version is not ideal and adds unneeded costs to deployment. 


The lesson here is to be aware of the impact that platform decisions have on your ability to stay agile, 
scalable and simple. Best-of-breed solutions are highly relevant for large and complex enterprises. 
Platform players are often a good solution for enterprises that are small, face no regulation, have no 
complexity demands and are just dipping their toes in the IGA space. Evaluate your needs and do not 
compromise on functionality. 


Upgrade for your future security 


Today, you've likely upgraded your music collection from CDs; now, it’s time to modernize identity 
governance and administration (IGA) for your enterprise. Legacy systems consume time and resources 
due to custom code maintenance. But Software-as-a-Service (SaaS)-based IGA solutions offer efficiency 
and accessibility, and security automation is a central feature. Smaller, less complex organizations may 
benefit from platform players, but larger enterprises should prioritize functionality and open integration to 
meet evolving security and regulatory demands. Evaluate your needs and prioritize solutions that offer 
open integration and independence from the single-vendor trend, ensuring robust IGA that aligns with 
evolving security demands and regulatory requirements. 
This January at the World Economic Forum, there was a panel titled "Are Banks Ready for the Future?" 
with an esteemed panel of banking executives discussing the future of banking. When the topic of 
cybersecurity came up, Mary Callahan Erdoes, the Chief Executive Officer of J.P. Morgan Asset & Wealth 
Management, stated, "There are people trying to hack into J.P. Morgan Chase 45 billion times a day. 
That number is what it is." Unfortunately, this soundbite is what the media grabbed onto and pushed out 
as a hyperbolic narrative regarding the threats the bank faces. I don't blame Erdoes, as this number was 
probably provided to her in a briefing by her CISO or security team, and many of the publications that put 
the number in the headline did so to get clicks. 
Having worked closely with financial institutions, I see the problem with this metric: it paints a dramatic 
picture of the threats banks face but requires more context around what that number means to give a 
more factual view of those threats. J.P. Morgan isn't facing 45 billion attempts by individuals to 
hack the bank; I believe that number is an aggregate of automated vulnerability scans, bots, phishing 
emails, adware, credit card fraud, BEC, and other automated processes. Language and metrics can be 
a minefield in cybersecurity, and it is essential that when security leaders speak to executives, they 
provide the appropriate context around the threats faced and ensure they understand and can 
communicate the threat clearly to media and their customers without triggering hysteria. 


The cybersecurity industry has faced similar stories over the years, such as the "Cyberpocalypse" or 
looming "Cyber Pearl Harbor," terms usually used by overzealous marketing teams and the media to 
instill fear in consumers and businesses to buy their tools and click links for ad revenue. These "cyber-
monsters under the bed" narratives, used as scare tactics to keep CISOs up at night, do little to mitigate 
the real threats organizations face. 


Erdoes also mentioned that the 45 billion number is twice what it was last year; that trend is telling, as it 
indicates threat actors are also exploiting the same adoption of automation and machine learning used 
by defenders, a trend we can expect to continue. Geopolitics is also at play, as many nation-state 
adversaries see the U.S. financial system as a key and legitimate target to weaken our financial system 
and economy. This may also play into the exponential growth of adversary activity that J.P. Morgan is 
facing. 


Improving the security posture of our financial system requires leaders of financial institutions and the 
media to become more cyber-literate. Many financial institutions are increasingly bringing current and 
former security leaders onto their boards. CISOs are increasingly reporting to the CFO or CEO aligning 
them more closely with risk management, and providing better visibility to the executive team and board. 
This is an opportunity for banks and regulators to get on the same page regarding language and metrics 
when it comes to cybersecurity risk. 


About the Author 


Ken Westin is Field CISO of Panther Labs. He has been in the cybersecurity 
field for over 15 years, working with companies to improve their security 
posture through detection engineering, threat hunting, insider threat 
programs, and vulnerability research. In the past, he has worked closely with 
law enforcement to unveil organized crime groups. His work has been 
featured in Wired, Forbes, the New York Times, Good Morning America, and 
others, and he is regularly consulted as an expert in cybersecurity, 
cybercrime, and surveillance. 


Ken can be reached online at LinkedIn (https://www.linkedin.com/in/kwestin/) and at our company 
website https://panther.com/ 


Cyber Defense eMagazine — February 2024 Edition 87 


Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide. 


There are plenty of ways to establish someone's identity. The most convenient rely on fingerprints, iris 
scans, DNA and the like, and some of these indicators have been built into biometric IDs that, so far, let 
an authority be reasonably confident about who someone is. On the other hand, IDs can be counterfeited. 
That is why, as Interpol recently suggested, it will be necessary to confirm identity at borders with a 
fingerprint reader, or to track biometrics through data search technologies that use a biometric parameter 
embedded in the holder's passport or identity card as the search criterion. In other words, critical-asset 
services can be subscribed to with a counterfeit document. In that case the biometric parameters on the 
document need to be checked against the police register, both to see whether the document could serve 
for travel and, more likely, because the data on such an ID gets entered into banking, telecommunications 
or internet accounts. An offender who creates an account within that infrastructure leaves most of the 
group open to being tracked in a cyber sense. What is needed is to match the data, chiefly the registration 
number of the fake document, against that field in the accounts created with it. If someone is found 
holding a subscription, say a cellular phone, under such a document, then once the mobile device is 
emitting its signal the trace is easy to uncover and the actor can be located by searching for all such 
contacts within that network. Likewise, if a data search is run within the law enforcement system, those 
who have paid to get themselves into the police database will be uncovered, their whereabouts will be 
known to the authorities, and a case can be opened to prove the offence and arrest the suspects, steering 
the investigation in a more effective and less costly direction. 


Biometric documents were introduced a couple of decades ago, but their reliability is still in question 
because systems are chronically affected by corruption: those in decision-making positions cannot always 
refuse a bribe. There are techniques for combating corruption within a community, but plenty of 
challenges remain. The new era brings some hope that once everyone gains situational awareness of the 
risks, some of those threats can be mitigated, and that many people will recognize the problem and 
contribute to fighting the bad guys. At the very beginning of the preparation and introduction of biometric 
documents, many believed they would be a silver bullet for all the ongoing problems. With hindsight, some 
of those past ideas are still good, but plenty of adjustments are needed for the times ahead in order to 
manage tomorrow's security challenges. In other words, it is not enough to develop a defense program that 
counters a current threat; it needs continuous patching and updating to keep pace with the trend. The 
people who built this world are smart and can solve much of this, but they cannot always accurately 
predict what the future will bring. That is something left to science and, mostly, technology, since those 
two branches of human activity must deliver with high accuracy something that works in practice. 


Apparently, to get access to any critical infrastructure one must leave some personal information from 
either a genuine or a fake ID, since that identification is what creates the user account. So in the case of 
the banking system, which is also an ICT facility, either a genuine or a forged document can be shown in 
order to manage finances. All bank accounts opened with a counterfeit ID belong to the dark finances, 
which should be pictured as the root of an iceberg, reaching deep below the surface of the frozen water. 
It is also a sound idea to try to confirm someone's web accounts, since those assets carry information 
such as contact details, an e-mail address or a cell phone number, so some kind of trace can be found in 
those online systems. In other words, anyone who has used the visible web with a protected e-mail 
address has created a high-tech artefact that leaves plenty of information, which can be correlated with a 
mobile number. Once the authorities have that identification code, they know how to confirm who is behind 
it: even for an account opened on a fake ID, the lawbreaker's whereabouts can be assessed and 
everything pushed through an identification procedure. Obtaining anything via a fake ID is fraud, and that 
criminal offense is recognized by criminal codes across the globe. It is also feasible to locate someone by 
waiting for a login event: the police can check the entire surroundings of that suspect, scanning all active 
devices in the place, and if the device is not active at that moment, they can always search the history of 
its GPS coordinates. 

Finally, it is clear why cybersecurity skill and knowledge are so necessary in criminal and even lesser-
offence investigations, and why those findings and evidence must play a crucial role in combating crime 
and terrorism, as well as in identity management across high-tech environments. 
In the dynamic world of digital transformation, I've observed a paradigm shift that is reshaping the very 
fabric of cybersecurity: the monumental rise of APIs. As the CEO of Traceable, I've witnessed firsthand 
how APIs, once merely technical facilitators, have evolved into pivotal elements, driving business 
innovation and simultaneously emerging as potent attack vectors. 


Reflecting on the evolution of Zero Trust, a principle that demands rigorous identity verification for every 
entity attempting access, it’s evident that our cybersecurity strategies have continually adapted to 
counteract emerging threats and leverage technological advancements. From the inception of Zero Trust 
Network Access (ZTNA) to the innovative strides made through Secure Access Service Edge (SASE) 
and Security Service Edge (SSE), our journey has been about navigating through the complex 
cybersecurity terrain, always with an eye toward the future. 


However, the proliferation of Application Programming Interface (API)-related data breaches has 
illuminated a critical vulnerability within our existing frameworks and architectures. APIs have expanded 
the attack surface for adversaries, necessitating a strategic reevaluation and fortification of our security 
postures. 


APIs: Unveiling New Cybersecurity Frontiers 


APIs, while enabling, have become a conduit to valuable assets and transactions, requiring us to rethink 
our cybersecurity strategies. APIs have permeated every facet of our digital life, enabling us to innovate, 
scale, and deliver exceptional customer experiences. They facilitate the integration of various systems 
and platforms, allowing them to communicate and transact with each other in a seamless manner. From 
enabling mobile applications to access data from cloud servers to facilitating payment transactions, APIs 
are omnipresent, often operating behind the scenes, unseen yet critical. 


However, this ubiquity also unveils a plethora of cybersecurity challenges. Cybercriminals exploit APIs to 
gain unauthorized access, manipulate data, disrupt services, and in some instances, leverage them as a 
gateway to infiltrate deeper into the network. The exploitation of APIs is not merely a breach of data. It’s 
a violation that can disrupt business operations, erode customer trust, and tarnish organizational 
reputation. 


Given their integration into virtually every digital transaction, safeguarding APIs transcends technical 
necessity and emerges as a strategic imperative that demands our immediate and undivided attention. 
It’s not merely about protecting data but safeguarding the very mechanisms that facilitate our digital 
interactions, transactions, and ultimately, drive our businesses forward. 


Zero Trust for APIs: A Strategic Imperative 


In the realm of cloud-native security, where resources and API endpoints are perpetually interacting with 
a myriad of authenticated users and devices, it’s imperative to intricately weave the principles of Zero 
Trust into the API security architecture. This involves: 


• Verifying User Authenticity: Ensuring robust authentication mechanisms are in place as users and 
applications access APIs. 

• Understanding API/Data Context: Recognizing the sensitivity and type of data being transmitted 
through APIs to implement appropriate security controls. 

• Ensuring Secure Deployment: Adopting best practices for deploying cloud resources and APIs 
securely, encompassing aspects like advanced encryption, robust IAM principles, and vigilant 
security posture management. 

• Intelligent Rate Limiting: Implementing intelligent rate limiting to manage the flow of requests to 
APIs, thereby preventing abuse and ensuring service availability. By understanding the typical 
usage patterns of legitimate users and applications, intelligent rate limiting can identify and 
mitigate potential abuse, such as brute force attacks or data scraping, without impacting the user 
experience. 

• Granting Least Privilege: Implementing stringent authorization protocols to ensure that API 
access is strictly regulated and adheres to the principle of least privilege. This means ensuring 
that entities (users, services, or applications) have only the access they need to perform their 
tasks, minimizing the potential impact of a security breach. 
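To make the bullets above concrete, here is an added example (not Traceable's code, and not from the original article) of a gateway decision function that applies them in order: it refuses requests without validated claims, denies by default unless the caller holds the scope the matched route requires, adds an object-level ownership check so a user-tier caller cannot read another account, and finally rate-limits per authenticated identity with a token bucket whose capacity depends on the caller's tier. The route table, scope names, tiers and per-minute limits are constructed assumptions, and the claims dictionary is assumed to come from a token that has already been cryptographically validated upstream.

```python
"""Added illustrative example: Zero Trust checks in front of an API.
Not Traceable's code. Routes, scopes, tiers and limits are assumptions."""
import re
from dataclasses import dataclass

# Hypothetical route table: (method, path pattern, scope required). Anything unmatched is denied.
ROUTES = [
    ("GET",    re.compile(r"^/v1/accounts/(?P<id>\d+)$"),           "accounts:read"),
    ("POST",   re.compile(r"^/v1/accounts/(?P<id>\d+)/transfers$"), "transfers:write"),
    ("DELETE", re.compile(r"^/v1/accounts/(?P<id>\d+)$"),           "accounts:admin"),
]

# Requests per minute allowed per identity, by tier (assumed policy). Unknown tier gets 0.
TIER_LIMITS = {"service": 600, "user": 60}


@dataclass
class TokenBucket:
    """Classic token bucket: `capacity` is the burst size, refilled at `refill_per_sec`."""
    capacity: float
    refill_per_sec: float
    tokens: float
    last: float

    def allow(self, now: float) -> bool:
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class ApiGate:
    """Authenticate, authorize per route, check object ownership, then rate-limit per identity."""

    def __init__(self):
        self.buckets = {}  # subject -> TokenBucket

    def _bucket(self, subject, tier, now):
        if subject not in self.buckets:
            per_min = TIER_LIMITS.get(tier, 0)
            self.buckets[subject] = TokenBucket(per_min, per_min / 60.0, float(per_min), now)
        return self.buckets[subject]

    def decide(self, claims, method, path, now):
        """Return (HTTP status, reason). `claims` must come from an already-verified token."""
        # 1. Verify user authenticity: no subject, or an expired token, means no access at all.
        if not claims or not claims.get("sub") or claims.get("exp", 0) <= now:
            return 401, "unauthenticated"
        # 2. Least privilege: the route decides which scope is needed; unmatched routes are denied.
        for route_method, pattern, needed_scope in ROUTES:
            match = pattern.match(path)
            if route_method == method and match:
                break
        else:
            return 404, "unknown route"
        if needed_scope not in claims.get("scopes", []):
            return 403, "missing scope " + needed_scope
        # 3. API/data context: a user-tier caller may only touch its own account (BOLA guard).
        if claims.get("tier") == "user" and match.group("id") != claims.get("account_id"):
            return 403, "not the owner of this resource"
        # 4. Intelligent rate limiting: the budget is per authenticated identity, sized by tier.
        if not self._bucket(claims["sub"], claims.get("tier"), now).allow(now):
            return 429, "rate limited"
        return 200, "ok"
```

Because the limiter is keyed on the authenticated subject rather than the source address, a scraper rotating IPs still shares one budget, and an identity with no recognized tier gets a zero-capacity bucket, so an unexpected caller is throttled rather than trusted. The scope check runs before the rate limiter so that forbidden requests never consume budget that a legitimate caller needs.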


Embarking on the Journey of Zero Trust Policies 


The journey towards robust API security doesn’t end with the implementation of these principles. It 
extends into the realm of Zero Trust policies, where the focus shifts towards a meticulous examination of 
data access patterns. This exploration is pivotal, offering a lens through which organizations can perceive 
and understand how data is accessed, manipulated, and transferred within their digital ecosystems. 


The essence of implementing Zero Trust policies lies in the granular enforcement of access controls. 
This involves a nuanced approach where access levels are not just assigned but are customized. It’s 
about ensuring that the principle of least privilege is embedded within the very fabric of the organization's 
access control mechanisms, thereby not just safeguarding the organization's data but also ensuring the 
availability and reliability of services. 


The Bottom Line 


Incorporating these principles into your API security strategy is not merely about protecting sensitive data. 
It's about ensuring that the organization's digital assets, reputation, and service availability are 
safeguarded, providing a secure, reliable platform upon which the organization can innovate, grow, and 
navigate through the increasingly interconnected digital landscape. 


I urge you to meticulously examine your security stack, ensuring that your organization is fortified against 
the looming threat of API breaches, safeguarding not just your digital assets but the very future of your 
enterprise. 
The digital environment has evolved significantly, becoming a complex space where cybercriminals 
exploit vulnerabilities in critical infrastructure and sensitive data. These criminals use advanced malware 
and exploits to attack interconnected systems. Traditional security methods, based on fixed rules and 
configurations, are often inadequate to counter these sophisticated threats. However, artificial 
intelligence (AI) is emerging as a powerful tool in cybersecurity. 


AI-based solutions are transforming cybersecurity, moving beyond enhancements to redefine how cyber 
threats are understood and countered. Cognitive fraud detection systems use machine learning to 
examine financial transactions, network activity, and user behavior. These systems operate at high 
speeds, identifying anomalies and patterns indicative of fraud, often catching such activities in real time. 


Unlike older rule-based systems, which are more easily bypassed by attackers, AI algorithms 
continuously evolve. They learn from previous encounters and adapt their detection models to include 
new fraud tactics and trends, reducing false positives and enhancing security resilience. 


AI-Driven Threat Intelligence Beyond Finance 


Cybersecurity challenges extend beyond financial transactions to the broader digital infrastructure. AI-
driven threat intelligence plays a crucial role here, enabling organizations to proactively defend against 
potential attacks. These systems analyze various data sources, including social media, dark web forums, 
and malware repositories, to provide a comprehensive view of potential threats and vulnerabilities. This 
information helps organizations strengthen their defenses, prioritize patches, and take preventive actions. 


AI-powered threat intelligence allows organizations to move from reactive to proactive security strategies. 
They can now anticipate potential threats, close security gaps, and deploy countermeasures in advance, 
shifting the balance of power from attackers to defenders. 


Behavioral Analysis and AI 


The human aspect is a vital component of cybersecurity. AI-based behavioral analysis systems examine 
user behaviors, such as login patterns, device usage, network traffic, and resource consumption. By 
applying AI to these activities, the systems can detect anomalies that may indicate compromised 
accounts, insider threats, or unauthorized access. For example, an AI system might flag a user logging 
in from an unusual location or device as a potential security risk. 
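The "unusual location or device" flag above is, at its simplest, a per-user baseline compared against each new event. The following is an added example, not from the original article, that learns each user's normal geolocations, devices and login hours from a warm-up window of successful logins and then scores later events, raising an alert only when at least two independent signals deviate. The log format and every line in the sample log are constructed for the example.

```python
"""Added illustrative example: baseline-and-deviation login anomaly detection.
Not from the original article. Log format and sample lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample events, one login per line (assumed format).
SAMPLE_LOG = """\
2024-02-01T09:02:11Z user=alice geo=US-NY device=lt-alice result=success
2024-02-01T09:15:40Z user=bob geo=US-CA device=lt-bob result=success
2024-02-02T08:58:03Z user=alice geo=US-NY device=lt-alice result=success
2024-02-02T10:12:54Z user=bob geo=US-CA device=mb-bob result=success
2024-02-02T22:40:00Z user=bob geo=US-CA device=mb-bob result=failure
2024-02-03T09:21:37Z user=alice geo=US-NY device=lt-alice result=success
2024-02-03T09:48:10Z user=bob geo=US-CA device=lt-bob result=success
2024-02-05T03:14:09Z user=alice geo=RU-MOW device=win-unknown result=success
2024-02-05T09:30:00Z user=bob geo=US-CA device=tb-bob result=success
2024-02-05T09:35:00Z user=dave geo=US-TX device=lt-dave result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) geo=(?P<geo>\S+) device=(?P<device>\S+) result=(?P<result>\S+)$"
)


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_events(text):
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip it rather than crash the pipeline
        e = m.groupdict()
        e["ts"] = parse_ts(e["ts"])
        events.append(e)
    return events


class LoginBaseline:
    """Per-user profile of where, from what and when successful logins normally happen."""

    def __init__(self):
        self.geos = defaultdict(set)
        self.devices = defaultdict(set)
        self.hours = defaultdict(set)

    def knows(self, user):
        return user in self.geos

    def learn(self, e):
        if e["result"] != "success":
            return  # failed attempts must not shape the "normal" profile
        self.geos[e["user"]].add(e["geo"])
        self.devices[e["user"]].add(e["device"])
        self.hours[e["user"]].add(e["ts"].hour)

    def deviations(self, e):
        u = e["user"]
        reasons = []
        if e["geo"] not in self.geos[u]:
            reasons.append("new geo " + e["geo"])
        if e["device"] not in self.devices[u]:
            reasons.append("new device " + e["device"])
        if e["ts"].hour not in self.hours[u]:
            reasons.append("unusual hour %02d UTC" % e["ts"].hour)
        return reasons


def detect(text, learn_until, min_signals=2):
    """Build baselines from events before `learn_until` (ISO UTC), then score the rest.
    Returns a list of (user, timestamp, reasons) alerts."""
    cutoff = parse_ts(learn_until)
    baseline = LoginBaseline()
    alerts = []
    for e in parse_events(text):
        if e["ts"] < cutoff or not baseline.knows(e["user"]):
            baseline.learn(e)  # warm-up period, or the first time this user is seen
            continue
        reasons = baseline.deviations(e)
        if len(reasons) >= min_signals:
            alerts.append((e["user"], e["ts"].isoformat(), reasons))
        else:
            baseline.learn(e)  # a single small drift (new phone, travel) becomes the new normal
    return alerts
```

Two design choices matter more than the scoring itself. Failed logins are never learned, otherwise a password-spraying run would teach the model that the attacker's location is normal; and an event that crosses the alert threshold is also not learned, so the baseline cannot be poisoned by the very activity it flagged. The `min_signals` threshold is the knob the article's "reducing false positives" point refers to: a new device alone is a commonplace event, a new device from a new country at 03:00 is not.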


Predictive Analysis in Cybersecurity 


Predictive analysis in cybersecurity aims to foresee and prevent attacks before they occur. AI models 
analyze historical attack patterns and threat intelligence to predict future attack vectors. This approach 
enables organizations to strengthen defenses where needed most and neutralize threats proactively. 


Human-AI Collaboration in Cybersecurity 


While AI offers significant advantages in cybersecurity, it is not infallible and can be prone to manipulation 
and bias. Effective cybersecurity strategies combine human expertise with AI capabilities. Human 
analysts guide the development and application of AI systems, ensuring they align with organizational 
priorities. Human oversight is also crucial for interpreting AI-generated insights and ensuring appropriate 
responses to threats. 
Challenges and Considerations for AI in Cybersecurity 


The integration of AI into cybersecurity presents several challenges and considerations: 


• Data Privacy and Governance: AI requires large datasets for training, raising data privacy and 
security concerns. Establishing robust data governance frameworks is essential for ensuring 
transparency and user control over their data. 

• Bias and Fairness: AI systems can reflect societal biases if trained on biased data. It is important 
to select data carefully, test rigorously, and monitor AI systems continuously to prevent 
discrimination. 

• Explainability and Interpretability: Understanding the decision-making process of complex AI 
models is challenging. Developing explainable AI models is important for trust and control. 

• Human-AI Collaboration: AI should complement, not replace, human analysts. A collaborative 
environment where humans and AI work together enhances the effectiveness of both. 


The future of cybersecurity is closely tied to AI development. By harnessing AI's potential and addressing 
its limitations with a human-centric approach, a more secure digital environment can be achieved. 


About the Author 


Bryan Kissinger, Senior Vice President of Security Solutions and Chief Information 
Security Officer, Trace3. Bryan C. Kissinger, PhD, is a seasoned IT and security 
professional with over 20 years of experience leading global teams in the 
successful delivery of technology solutions that enable business value. He is 
known for his ability to rapidly mature IT risk and information security programs 
and quickly deliver on the implementation of emerging technologies to solve 
complex business issues. He has served as the information security leader at 
multiple large healthcare organizations; this expertise is coupled with Big 4 
consulting leadership across the emerging technology, financial, retail, and 
government sectors. Using his business-minded approach, he is an advocate for, and has 
implemented many, next-generation security solutions focused on preventing and detecting current and 
anticipated threat vectors. 


Dr. Kissinger holds a Bachelor of Science degree in finance from the University of Maryland, a master’s 
degree in Business Administration, and a PhD in Information Technology Management. His certifications 
include CISSP, CISA, CCNA, CWNA, and MCSE. 


Dr. Kissinger is a Navy veteran, having served as a Surface Warfare Officer for seven years on active 
duty with tours in the Western Pacific and Persian Gulf theaters. 


He currently serves as Senior Vice President of Security Solutions and Chief Information Security Officer 
for Trace3, and splits his time between Miami Beach, FL and Asheville, NC. Bryan can be reached online 
at https://www.linkedin.com/in/bryan-kissinger-phd-0b75245/ and at our company website 
http://www.trace3.com/ 




After observing the cyber threat landscape in 2023, in the coming year we're going to see a complete 
mind shift throughout enterprises and government entities worldwide. The trend forcing this change in 
thinking is the result of the massive number of successfully breached and subsequently extorted 
organizations who either paid their ransoms or watched their operations come to a halt last year. Never 
in the history of cybersecurity have so many organizations fallen to human-operated, ransom-based 
attacks as seen in 2023. 


So, what is the "about face" we can expect to see? Simple. Organizations will finally realize they can no 
longer take a solely defensive approach to security. For decades, organizations have relied upon industry 
experts and best-practice guidelines that all recommended "add layer upon layer of defenses", only to 
watch this tactic often fail to deliver adequate protection. Many believe the only way organizations are 
going to get their arms around the escalation of successful extortion-driven breaches is to go on the 
offensive, attack themselves with the same tactics, techniques, and procedures (TTPs) attackers are 
using, and finally find the exploitable conditions lying in wait within their IT and cloud environments that 
are enabling these attacks to succeed. 


This change in thinking is going to take a new class of security solutions mainstream, especially those 
that are offensive in nature and are underpinned with offensive AI capabilities. These AI-powered 
offensive solutions will not be used to attack others. Instead, they will be used by organizations to attack 
themselves with AI-based technology that comes as close to mimicking attackers as possible. Therefore, 
offensive-focused innovators will likely garner great interest in the security buyer communities. To be 
clear, this branch of AI has little to do with Large Language Models (LLMs) like ChatGPT and others. It 
has to do with purpose-built, autonomous systems that are capable of doing the exact same things 
attackers do: breach your networks and steal your data. Finally, organizations of all sizes will be able to 
see their own environments through the eyes of an attacker. 


As a result of this change, younger security companies that offer purely defensive-based technologies 
will likely have increasing difficulty in raising new capital to stay afloat. Therefore, a significant 
consolidation movement is likely on the horizon this year in the security industry. Smaller security firms 
that have consumed their cash faster than anyone expected, primarily due to customers delaying 
purchases due to their own economic challenges, will be forced to either go into survival mode, close up 
shop, or sell to the highest bidder. Consolidators will be on the lookout to purchase moderately successful 
companies so they can grow their own customer base through inorganic methods. 


The reason for this awakening is also rooted in the change currently happening in legislation. Nearly 
every piece of new or proposed legislation designed to address the current threat landscape calls for a 
new approach to security focused on assessments, self-assessments, risk assessments, and so on. And 
often, these words are joined by the notion of "continuous". 


When searching for those terms in the many pages of any new piece of legislation, you will see them 
peppered throughout these initiatives. This is a tell-tale sign that things are about to shift 180 degrees 
since the term “assessment” really means that organizations will be required to go on the offensive, using 
manual, automated, and autonomous adversarial exercises, and attack themselves so they can find their 
truly exploitable weaknesses before attackers do. 


Since this is the case, we can expect investors will shift their interests too, follow this trend, and place 
their bets on innovative companies that can address the foreseeable growing demand for offensive-based, 
continuous self-assessment solutions, especially if they are underpinned by AI and machine learning. 
These assessments are not the run-of-the-mill vulnerability scans or once-per-year pentest. These are 
real-world, ongoing cyber readiness exercises. 
Not only are legislators pushing for continuous self-assessments; cyber insurance companies, 
manufacturers who rely on massive third-party supply chains, military hardware/software buyers, 
and similar parties will also likely begin to embrace this offensive-based assessment mindset and 
require their partners and suppliers to do so as well. In other words, in the very near future, if you want 
to do business with premium buyers, you will be required to provide self-assessment scorecards before 
buyers buy, when applying for or renewing cyber insurance, or when doing business with the government. 


Hold on tight, because in 2024, organizations are about to fully discover the overabundance of 
weaknesses already residing in their networks they previously knew nothing about - discovered by way 
of offensive-based security solutions that are ready for the mainstream. 
In an era of sophisticated cyber-attacks, security leaders are feeling the pressure to fortify their 
infrastructure, deploying a variety of defenses including zero-day patches, security tools with frequent 
application updates, and more. However, as companies progressively implement layered security 
protocols to safeguard their systems, users have increasingly encountered friction in their day-to-day 
workflows. In fact, nearly 75% of CISOs say that employees within their business are frustrated with 
current security policies that are affecting their productivity. 


This growing user dissatisfaction can be even more costly to the security of an organization as workers 
will be increasingly reluctant to tolerate disruptive software updates, patches, and security protocols that 
impact workflow efficiency. It can also lead to greater personnel issues, affecting the critical business 
component of employee satisfaction and hindering enterprise productivity. 


So, how can security leaders find a balance between enhancing organization security and end-user 
satisfaction? 
Let's dive into how security leaders can ensure both the safety of their infrastructures and the satisfaction 
of their end-users through a modern cloud-native approach, including the implementation of modern VDI 
tools to help measure end-user experience and understand the impact of existing and planned security 
tools. 


Security vs. Satisfaction: Breaking Down the Dilemma 


Many essential, yet cumbersome, cybersecurity protocols can alienate an enterprise’s most critical asset: 
its employees. This clash between IT security's push to tighten defenses and employees' desire for a 
smooth digital experience creates a CISO vs. employee dilemma. This adds even more pressure on 
business leaders to optimize security processes. The reality is that the user friction caused by excessive 
security measures can backfire, potentially leading to costly security vulnerabilities and talent drain. 


As an example, employees will be much more reluctant to tolerate software updates or security measures 
- like using multi-factor authentication (MFA) or password managers - as they add time and effort to their 
day-to-day tasks. In this scenario, they may work around updates or delay necessary fixes so as to not 
disrupt workflow. What is even more concerning, users may also use their personal accounts to do work 
to avoid burdensome security measures. In the most extreme cases, some pockets of “shadow IT” may 
emerge with the most technically savvy employees. 


All in all, with lower end-user tolerance for updates and potential workarounds, organizations are more 
exposed to costly risks, including ransomware attacks or data leaks. 


Security leaders must also reckon with costly tools that overlap with one another or go unused, which is 
another key challenge of integrating an increasing number of security measures. Overburdened by tool 
sprawl, CISOs can lose track of their security assets or fall behind on compliance, resulting in needless 
costs and dragging down user and company efficiency. 


Lower end-user satisfaction ultimately leads to employee retention challenges as well — costing the 
enterprise time and money. In fact, as of 2023, the costs of turnover in a business for technical positions 
jumped to 100 to 150 percent of salary, impacting the business steps for onboarding and offboarding as 
well. 


Striking the Balance Between Security & Satisfaction 


To effectively balance end-user satisfaction and sufficient security protocols, organizations must adopt a 
pragmatic, holistic approach. Prioritizing user experience while maintaining seamless business 
operations and enterprise-wide security is paramount. This involves the critical element of assessing end- 
user experiences to comprehend the impact of existing and planned adoption of security tools. 


To monitor and measure both real-time and historical end-user experience, enterprises can turn to 
modern, cloud-native Virtual Desktop Infrastructure (VDI) capabilities. By opting for modern end-user 
computing solutions, organizations can swiftly pinpoint areas of employee dissatisfaction, observe trends 
in compliance with security protocols, and gain real-time end-user experience insights to promptly 
address emerging issues. Business leaders will also gain insight into the specific areas where employees 
encounter disruptions with certain security tools, allowing organizations to head off end-user challenges 
before they escalate. 


This proactive approach enables the development of a tailored, data-driven cybersecurity strategy, 
ensuring sustained employee satisfaction and productivity and enhanced enterprise security. Business 
leaders will effectively be able to understand the impact that disruptive tools have on employees, and the 
costs to their organization, and mitigate growing pains. They'll also be able to prevent any challenges 
associated with end-user satisfaction and, ultimately, increase employee retention. 


Most importantly, enterprises will bolster security measures without generating any adverse effects on 
their people’s satisfaction and productivity. 


The Future of Security for The End-User 


Turning a blind eye to the ongoing tension between security and user experience is an invitation to 
disaster. Disgruntled employees, frustrated by relentless updates and cumbersome tools, can lead to 
even greater risks for the enterprise as employees deflect burdensome security protocols. Not to mention 
costly talent drain and employee turnover consequences for the business. 


To address these challenges, security leaders must consider the integration of modern end-user 
computing strategies, including cloud-native VDI solutions, that can analyze user satisfaction, 
productivity, and connectivity trends. 


With greater insight into end-user experience, organizations can effectively bolster security and employee 
satisfaction, contributing to a resilient and harmonious digital environment. 
Overcoming Common Data Security Challenges 


By Claude Mandy, Chief Evangelist at Symmetry Systems 


Organizations depend on data to operate. From day-to-day operations to strategic decisions, data is what 
keeps an organization ticking. As digital transformation marches on, the volume of data generated by 
businesses grows exponentially — and data security challenges grow with it. 


Here, we will explore some of the most common challenges organizations face when it comes to securing 
data, the risks associated with them, and best practices organizations should implement to improve their 
overall data security posture. 


Lack of Data Inventory 


One of the most common challenges organizations face is the lack of a data inventory. Organizations 
simply don’t know what data they have, where it is, and why it’s important. The primary reason for this is 
due to the ever-increasing amounts of data being created across different parts of the organization. And 
somewhere within these vast amounts of data, lies sensitive information that puts organizations at risk. 


This lack of visibility leaves them vulnerable to unforeseen threats, including legal penalties from non-
compliance, operational disruptions due to unauthorized data access or alterations, and severe 
consequences for overall security. A credential or secret is just data, after all. 
Thankfully, a lack of data inventory is an easy challenge to address, because there are tools available 
that provide this visibility: not only which infrastructure resources contain sensitive data across cloud 
data stores, but also who owns that data. A robust data inventory is crucial for any effective data-centric 
security strategy, enabling organizations to proactively identify and address potential security threats 
before they become a data breach. 


Dormant Identities and Data Stores 


Aside from a lack of data inventory, dormant identities are the single most common data security issue 
and one of the most overlooked paths to breaches and attacks. A dormant identity is any user, role, or 
service account that has been inactive for an extended period of time. These identities accumulate in 
organizations when there is no proper system in place to remove terminated employees, inactive users, 
or unnecessary permissions. 


Delayed or incomplete employee or vendor offboarding is a common cause of dormant identities. 
Companies often swiftly onboard new employees and third-party individuals. However, when these users 
leave or change roles, the offboarding procedures are oftentimes pushed aside. As a result, the permissions 
or unnecessary identities of departed users are not revoked or deleted, leaving them accessible to former 
employees, contractors, or potential attackers should the credentials be compromised. 


Regardless of the root cause, dormant identities present a common and overlooked avenue for breaches 
because threat actors seek out the path of least resistance, and a compromised dormant identity can 
often be the quickest way to obtain sensitive information. If left unmonitored, threat actors can seize 
control of these accounts and identities without detection and gain access to sensitive data. Dormant 
identities are typically less monitored, so in the event of a compromised dormant identity, security teams 
often remain unaware of the breach. 


Dormant data stores can also put organizations at increased risk. Dormant data stores are old and 
unused, and become potential targets for attacks as they are often forgotten and unmanaged. 
Organizations retain archives of information for regulatory compliance, or store data long past its useful 
life in the hope of potential future use. But in reality, dormant data is never utilized once it becomes 
dormant, and while it may not be of business value, it remains accessible and increases risk by expanding 
the organization’s attack surface and the blast radius of a potential data breach. 


To remediate these challenges, it is important to prioritize cleanup tasks and conduct proactive exercises 
to reduce risk promptly and regularly. To do this, organizations should adhere to their stipulated data 
retention policies and prioritize removing any high-risk dormant identities and removing any unnecessary 
permissions. They should ideally invest in automation that enables ongoing monitoring, alerting, and 
proactive risk reduction. 
The Risks of Over-Privilege 


Alongside dormant identities and old user accounts, over-privileged identities can be just as dangerous. 
Users should have only the privileges required to carry out their designated job responsibilities, that is, 
least privilege. If an organization overestimates the level of access or permissions an identity needs (and 
they often do), it opens itself up to significant and avoidable risks. If a user with malicious intent gains 
access through an over-privileged identity, they can acquire heightened access and cause more 
extensive damage than they would under normal circumstances. 


Over-privileged data stores also enable widespread access and increase an organization’s risk of a data 
breach. Virtually every organization has data stores that would be deemed over-privileged. Data within 
an organization should exclusively be available to users with a genuine business need for that specific 
data — but this is far more challenging to determine than it may seem. Oftentimes, data stores have 
widespread access enabled and project managers share credentials without fully understanding the 
resultant permissions. When permissions are granted in this manner, the organization is at greater risk 
of data breaches, leaks, and misuse. 


To enhance security and avoid the risks associated with over-privilege, organizations are advised to grant 
and continually right-size permissions strictly based on job duties and operational necessity. Furthermore, 
organizations should implement a streamlined, semi-automated process for permission management, 
only re-granting access when necessary. These measures collectively contribute to reducing the attack 
surface and mitigating the impact of compromise in the event of a breach. 
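Taken together, the dormant-identity, dormant-data-store and over-privilege conditions described in the two sections above can be checked in one audit over an inventory. The Python below is an added example, not the author's or Symmetry Systems' code; the record layout, the 90-day dormancy threshold and the sample inventory are assumptions constructed for illustration.

```python
"""Audit a constructed identity and data-store inventory for dormant identities,
dormant data stores and over-privilege, then order the cleanup by risk.
Added example, not the article's or Symmetry Systems' code; the record layout,
the 90-day dormancy threshold and the sample data below are assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class Identity:
    name: str
    kind: str                        # "user", "role" or "service_account"
    last_active: Optional[datetime]  # None means never observed active
    granted: frozenset               # attached permissions, "<store>:<action>"
    used: frozenset                  # permissions actually exercised in the window


@dataclass(frozen=True)
class DataStore:
    name: str
    sensitive: bool                  # holds regulated data, secrets or credentials
    last_accessed: Optional[datetime]


DORMANT_AFTER = timedelta(days=90)   # assumed threshold; align with retention policy


def is_dormant(last_seen: Optional[datetime], now: datetime,
               threshold: timedelta = DORMANT_AFTER) -> bool:
    """No activity for longer than `threshold`, or no activity ever, is dormant."""
    return last_seen is None or now - last_seen > threshold


def store_of(permission: str) -> str:
    """Permissions are modelled as '<store>:<action>'; return the store name."""
    return permission.split(":", 1)[0]


def audit(identities: list, stores: list, now: datetime,
          threshold: timedelta = DORMANT_AFTER) -> dict:
    """Return dormant stores, dormant identities, the high-risk subset of those
    (dormant yet still holding a path to a sensitive store) and, per identity,
    the granted permissions that went unused in the review window."""
    sensitive = {s.name for s in stores if s.sensitive}
    findings = {"dormant_stores": [], "dormant": [], "high_risk_dormant": [],
                "over_privileged": {}}
    for store in stores:
        if is_dormant(store.last_accessed, now, threshold):
            findings["dormant_stores"].append(store.name)
    for ident in identities:
        unused = ident.granted - ident.used
        if unused:                      # least privilege: these need right-sizing
            findings["over_privileged"][ident.name] = sorted(unused)
        if is_dormant(ident.last_active, now, threshold):
            findings["dormant"].append(ident.name)
            if any(store_of(p) in sensitive for p in ident.granted):
                findings["high_risk_dormant"].append(ident.name)
    return findings


def remediation_plan(findings: dict) -> list:
    """Order cleanup as the article recommends: high-risk dormant identities first,
    then dormant stores past their useful life, then the remaining dormant
    identities, and finally right-sizing of the identities that stay active."""
    plan = [("disable identity", n) for n in findings["high_risk_dormant"]]
    plan += [("archive or delete store", n) for n in findings["dormant_stores"]]
    plan += [("disable identity", n) for n in findings["dormant"]
             if n not in findings["high_risk_dormant"]]
    plan += [("revoke " + ", ".join(perms), n)
             for n, perms in findings["over_privileged"].items()
             if n not in findings["dormant"]]
    return plan


# Constructed sample inventory (not real data).
NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)
DAY = timedelta(days=1)
SAMPLE_STORES = [
    DataStore("payroll-db", True, NOW - 2 * DAY),
    DataStore("marketing-assets", False, NOW - 10 * DAY),
    DataStore("legacy-archive-2019", True, NOW - 400 * DAY),  # forgotten, still reachable
]
SAMPLE_IDENTITIES = [
    Identity("alice", "user", NOW - 1 * DAY,
             frozenset({"payroll-db:read", "payroll-db:write"}), frozenset({"payroll-db:read"})),
    Identity("bob-contractor", "user", NOW - 200 * DAY,        # never offboarded
             frozenset({"payroll-db:read", "marketing-assets:read"}), frozenset()),
    Identity("ci-deploy", "service_account", NOW - 5 * DAY,
             frozenset({"marketing-assets:write"}), frozenset({"marketing-assets:write"})),
    Identity("reporting-role", "role", None,                   # created, never used
             frozenset({"legacy-archive-2019:read"}), frozenset()),
]


def run_sample() -> dict:
    """Audit the constructed inventory above."""
    return audit(SAMPLE_IDENTITIES, SAMPLE_STORES, NOW)


if __name__ == "__main__":
    for action, subject in remediation_plan(run_sample()):
        print(f"{action:28s} {subject}")
```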


A Case for Increased Visibility 


These are just a few of the many challenges organizations face when securing their vast amounts of 
data. To address these challenges, businesses must evolve their approach to data security. Data 
protection can no longer be confined to traditional perimeters or the devices being used. Instead, securing 
data requires full visibility into where it resides, how sensitive it is, who has access to it, and how it is 
being used. 


When organizations have complete visibility into their data, they are able to remove dormant data and 
identities, assign users least privilege, and ensure their data inventories are secure and up to date. 
By implementing tools that provide a holistic view into an organization's data, and continuously and 
proactively monitoring for threats, organizations significantly enhance their security and ensure the safety 
of their sensitive information. 


Data is often an organization's greatest asset, as well as their greatest source of risk. As the volume of 
data continues to grow, security teams face increasing challenges in trying to protect it. In order to combat 
these challenges, organizations must prioritize visibility and proper data management. By implementing 
tools that provide a holistic view of their data, organizations minimize the risk of a data breach, even as 
their volume of data continues to grow. 
QR codes can be found almost everywhere, helping people access useful information and other 
webpages as fast as they can open their smartphone cameras. 


Many of us don’t think twice before scanning them. But to cybercriminals, their pervasiveness presents 
a new opportunity: the chance to deploy a sophisticated phishing strain designed to make us let our guard 
down while malware is uploaded or sensitive information is stolen. After all, no one can verify that a QR 
code is safe just by looking at it. 


Dubbed as quishing, this subclass of email-bound phishing has taken off in the past year. In the span of 
just one month — from August to September — the number of quishing attacks skyrocketed by 427%. 
But this alarming rise is only half the problem — the approaches used to execute the attacks are growing 
wildly complex, incorporating advanced techniques to bypass email security solutions and utilizing 
increasingly clever social engineering tactics to deceive unsuspecting victims. 


One such exploit was identified by Perception Point's team of analysts. They uncovered a phishing 
campaign that took advantage of an open redirect vulnerability within one of Microsoft's suite of services, 
potentially compromising client data. 


Point of Entry 


Open redirect vulnerabilities arise when a web application or server is configured in a way that allows 
attackers to redirect a user to an external, untrusted URL via a trusted domain. 


In the case of the team’s latest discovery, attackers exploited such vulnerabilities within Azure Functions 
— a Microsoft cloud computing platform for app developers — using parameters in URL queries that were 
either unvalidated or improperly sanitized. This oversight enabled malicious actors to craft URLs that 
appeared to belong to Microsoft but instead would redirect users to spoofed login sites via fraudulent QR 
codes. 
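The flaw described above is a redirect parameter that is accepted without validation. The Python below is an added example, not Perception Point's or Microsoft's code and not the vulnerable Azure Functions code itself, which the article does not show: a handler that reflects the parameter straight into the redirect target, beside a hardened version that accepts only a same-origin path or an https URL to an allow-listed host. The host names, the default landing page and the sample inputs are constructed.

```python
"""Redirect-parameter handling: the unsafe pattern the article describes beside a
hardened version. Added example; the first-party host names, default landing
page and sample inputs are constructed, not taken from the incident."""
from urllib.parse import urlsplit

# Hypothetical first-party hosts that a redirect may legitimately target.
ALLOWED_HOSTS = {"app.example.com", "login.example.com"}
DEFAULT_LANDING = "/"


def redirect_target_unsafe(next_param: str) -> str:
    """The flaw: the query parameter is passed straight through to the Location
    header, so any destination wrapped in the trusted domain's link is followed."""
    return next_param or DEFAULT_LANDING


def redirect_target(next_param: str) -> str:
    """Allow only a same-origin path or an https URL to an allow-listed host;
    everything else falls back to the default landing page."""
    if not next_param:
        return DEFAULT_LANDING
    # Browsers strip tabs/newlines and treat backslash as slash when following a
    # Location header. Refuse control characters outright and normalise the
    # backslashes so the parser below sees what the browser would see.
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in next_param):
        return DEFAULT_LANDING
    candidate = next_param.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative ("//host") URL: the scheme must be https
        # and the *parsed* hostname, not a substring of the text, must be trusted.
        if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
            return DEFAULT_LANDING
        return candidate
    # Relative target: a single-slash-rooted path only. urlsplit reports no netloc
    # for "///host", but browsers collapse the run of slashes and treat it as a
    # host, so the second check matters.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return DEFAULT_LANDING
    return candidate


# Constructed inputs a validator must handle; only the first two are legitimate.
SAMPLE_INPUTS = [
    "/account/settings",
    "https://app.example.com/dashboard?tab=1",
    "https://evil.example/login",                 # foreign host
    "//evil.example/login",                       # protocol-relative
    "///evil.example",                            # slash run collapsed by browsers
    "/\\evil.example",                            # backslash read as slash by browsers
    "https://login.example.com@evil.example/",    # trusted name only in userinfo
    "https://evil.example/login.example.com",     # trusted name only in the path
    "http://app.example.com/",                    # downgrade to plain http
    "javascript:void(0)",                         # non-http scheme
    "/path\t//evil.example",                      # embedded control character
]


def compare() -> list:
    """Pair each sample input with the unsafe and the hardened result."""
    return [(u, redirect_target_unsafe(u), redirect_target(u)) for u in SAMPLE_INPUTS]


if __name__ == "__main__":
    for raw, unsafe, safe in compare():
        print(f"{raw!r:44s} unsafe -> {unsafe!r:44s} hardened -> {safe!r}")
```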


Attack Breakdown 


How did this attack work? 


It began with a user receiving an urgently worded email from what appeared to be Microsoft Support. 
Using a seemingly legitimate domain, the email easily passed the sender policy framework (SPF) checks 
— the email authentication standard domain owners use to verify email servers, which makes it hard for 
threat actors to push through fake sender information undetected. 


The email contained a PDF attachment with the subject line: “Please fix your credentials.” The PDF 
prompted users to update their account password and email credentials by clicking on the embedded 
link. This redirected users to a malicious QR code with Microsoft's logo on it, which was hosted on a 
legitimate server on the popular image hosting site, Flickr. 


Reassured by the familiar logo, users were prompted to scan the code with their phone camera. Pairing 
familiar, well-established logos with malevolent QR codes is a psychological tactic that encourages 
people to use their less secure mobile devices, as opposed to more secure computers. In addition, when 
using their phones, users are less inclined to scrutinize URLs and adhere to general security 
recommendations. 


Scanning the QR code led to a series of URLs, exploiting an open redirection vulnerability in Azure 
Functions, creating a convincing chain of redirections that culminated in a spoofed Microsoft 365 login 
page. 
After entering their email address on the spoofed login page, users were redirected again, this time to 
the legitimate login.live.com — Microsoft's real login page. The threat actor then set a session cookie on 
the user's device during the redirection process, giving them visibility into victims’ credentials and, in turn, 
easy access to their accounts. 


Microsoft mitigated the issue soon after the incident response team shared their findings with 
Microsoft's security team. 


Gone Phishing 


This sophisticated quishing campaign exploiting Microsoft's open redirect vulnerabilities is a testament 
to the ever-evolving, increasingly sophisticated nature of phishing attacks. 


Organizations must stay vigilant — regularly updating security protocols and educating teams to better 
recognize the nascent ways cybercriminals exploit and circumvent the latest cybersecurity frameworks. 


To paraphrase the old adage, there’s always a bigger phish to phry. 
As Israel’s military campaign in Gaza continues, the United States, as a political sponsor of Israel, is 
contending with regional provocations by several members of the Iranian-aligned “axis of resistance.” 
These are inevitably going to involve US forces, Israel and their allies. A wave of Houthi missile attacks 
has spooked shipping companies and energy markets, while a latent Iranian cyber threat looms beyond. 
Tehran has warned of further attacks beyond the reach of its kinetic means, which likely implies a threat 
of cyber attacks on critical infrastructure and logistical hubs on global shipping routes. Iran’s growing 
expertise and willingness to conduct aggressive cyber operations make it a major threat to the security 
of U.S. and allied networks, data and critical infrastructure. Iran’s opportunistic approach to cyber attacks 
makes critical infrastructure and logistical hub operators susceptible to being targeted. 


Major shipping companies such as Hapag-Lloyd, Evergreen Line, Maersk or MSC are avoiding the Red 
Sea with some of their ships because of attacks by the Houthi terrorist group. They are diverting their 
vessels to the Cape of Good Hope at the southern tip of Africa, which makes sailing to Europe much 
more expensive and time consuming. The United States responded by announcing Operation Prosperity 
Guardian, which aims to protect world trade from the Houthi threat. 


The Red Sea Crisis 


Backed by Iran, the Houthi rebel group controls vast swaths of northern Yemen, following a yearslong 
effort to gain power that ultimately plunged the country into a devastating civil war in 2014. After years of 
fighting between the Iran-armed Houthis and a Saudi-led coalition, at least 377,000 people had been 
killed by the end of 2021, 70 percent of whom were children younger than 5, according to U.N. estimates. 


Experts say the Houthis’ Red Sea attacks are part of a bid to shore up domestic support and strengthen 
the group’s regional standing, and the Houthis’ popularity has only grown since they began waging 
these attacks. As part of Iran’s “Axis of Resistance,” the Houthis have vowed to attack ships transiting 
the Red Sea until Israel ends its bombardment of Gaza. By attacking ships heading toward Israel, Iran, 
through its Houthi proxies, is essentially doing what Washington and the West do with economic 
sanctions — imposing secondary financial costs on some policy actions by Israel, the US and their allies. 


New freight charges reflecting the crisis in the Red Sea have already been announced by all the major 
shipping companies. CMA CGM, Hapag-Lloyd and Maersk are all set to raise prices on many of the 
world's busiest trade routes. "The dynamic situation in the Red Sea and the necessary operational 
adjustments are causing disruption across the network, which will impact shipping schedules and supply," 
Hapag-Lloyd reported last week. In a published statement, it additionally introduced an "Emergency 
Revenue Charge" for Red Sea freight, which should cover the additional costs of heightened security and 
naval insurance. This measure will increase the price of a regular 20-foot container by $1,000 on the 
route from the Mediterranean and by $1,500 on the route from the Gulf of Aden. Similar steps have been 
taken by other major freight companies. If higher shipping costs are reflected in the price of the consumer 
goods transported, the geopolitical crisis in the Red Sea will be felt by end customers in Europe, Asia 
and further across the globe. 


30% of the world's container traffic flows through the narrow waterway between the Arabian Peninsula 
and Africa, while ships in general account for more than 80% of world trade, which flows mainly through 
chokepoints like Suez, the Strait of Malacca, the Taiwan Strait or the Panama Canal. The Houthi attacks 
therefore target not only individual vessels, but the entire international community and global economic 
prosperity. The United States and its allies have a significant interest in maintaining the security of the 
Red Sea, not only because of defence commitments to Israel and US allies in the Persian Gulf like Saudi 
Arabia, but also to guarantee freedom of navigation and to protect free maritime trade, which serves as 
the bedrock of the global GDP rise since the Second World War. 


On January 4th, the U.S. Navy’s 5th Fleet stated that the Houthis had launched a naval-surface suicide drone 
into a commercial shipping lane in the Red Sea that day, in the first attack of its kind by the Houthis, who 
usually use aerial drones and missiles; the drone reportedly exploded off the coast of Yemen without causing 
any damage, in what is believed to be the 25th attempted attack on shipping vessels in the region since 
October 7th. 
Furthermore, there have now been more than 100 attacks against U.S. and allied forces based in Iraq 
and Syria since mid-October, and repeated attacks by the Houthis based in Yemen. According to US 
defense officials, more than 100 drones and missiles have been fired in recent weeks against vessels, in 
addition to targeting Israel and flying through Saudi territory. In response, Washington announced the 
establishment of a multinational naval task force, dubbed Operation Prosperity Guardian, to support 
freedom of navigation in key Red Sea waterways. The operation is set to include Bahrain, Canada, 
France, Greece, Italy, the Netherlands, Norway, Seychelles, Spain, and the United Kingdom, U.S. 
officials said, although details are still murky and there remains ongoing confusion about what it will look 
like. Italy, for example, has said it is sending a frigate to the Red Sea under its long-standing plans — not 
as part of Operation Prosperity Guardian. Several other countries also agreed to take part in the task 
force but preferred to remain anonymous or not to join the American command structure — for example, Arab 
countries depend on freedom of navigation but don’t want to be seen as defending Israel just now, since 
the Houthis are linking their attacks to Israel’s war on Hamas in the Gaza Strip. 


America’s broad approach has so far been primarily reactive in nature and limited in scope, though media 
reports suggest at least some debate within U.S. President Biden’s administration over a more robust 
response. Those calls will likely increase in the event of a major incident like the successful targeting of U.S. 
or allied warships, deadly attacks on coalition troops in the region, or potentially even a large-scale 
cyber attack. There is a continuous risk of serious escalation, and Iran possesses the tools to disrupt critical 
infrastructure in Saudi Arabia not only by drones and rockets, as already demonstrated in the 2019 
Abqaiq-Khurais attack, but also by means of cyber warfare, as demonstrated by the large-scale hack of 
Saudi Aramco in 2012. The Saudi Aramco incident signaled Iran’s growing cyber capabilities and 
Tehran’s willingness to use them to promote its interests, particularly in its battle of influence in the Middle 
East with Saudi Arabia. At the time, some countries had the capability to remotely destroy computer data, 
but there were few publicly known instances of a country using it. Nowadays, Iran is among the world 
leaders in using cyber warfare as a tool of statecraft. While Iran is not likely to escalate itself in 
the Gulf and be seen as the party that breached the China-brokered peace deal with Saudi Arabia, the 
pressure from China is not inhibiting Iranian actions against the West, Israel or the anti-Houthi naval 
coalition. And while Hezbollah is not going to act without permission from Tehran, the Houthis and other 
groups in the region can act against the same targets on their own. 


The Cyber Perspective 


While Iran uses its proxy forces for the great majority of attacks on its rivals, the partial deniability 
provided by cyber warfare leaves Iran’s own tools on the table, even as Iran hesitates to confront its rivals 
openly by kinetic means. Iranian hackers have repeatedly succeeded in gaining access to emails 
from an array of targets, including government staff members in the Middle East and the US, militaries, 
telecommunications companies and critical infrastructure operators. The malware used to infiltrate the 
computers is increasingly sophisticated and is often able to map out the networks the hackers have 
broken into, providing Iran with a blueprint of the underlying cyber infrastructure that could prove helpful 
for planning and executing future attacks. 


During the last 5 years, of the 12 biggest publicly known cyber attacks on Saudi Arabia, Iran was 
responsible for 8. In these attacks, Iranian Advanced Persistent Threats (APTs) like MuddyWater, 
Cotton Sandstorm or Static Kitten have been focusing on traditional espionage targets like governmental 
organizations (in the case of Saudi Arabia, the Ministry of Defense, for example), telecommunications or aviation, 
but also the oil industry, transportation and critical infrastructure. Iran has been rapidly accelerating 
cyberattacks since mid-2022. Moreover, Iran is now supplementing its traditional cyberattacks with a new 
playbook, leveraging cyber-enabled influence operations (IO) to achieve its geopolitical aims. Supreme 
National Security Council (SNSC) Secretary Rear Admiral Ali Akbar Ahmadian called for greater 
cyber security cooperation among BRICS countries during a Friends of BRICS National Security Advisors 
meeting in Johannesburg, South Africa last summer. Iran is likely trying to tap into Chinese and Russian 
expertise in “soft war”, an Iranian doctrinal term that refers to the use of nonmilitary means, such 
as economic and psychological pressure and information operations, to erode regime legitimacy, cultivate 
domestic opposition, and propagate Western values in Iran. While, like Russia, Iran expresses the belief that 
“soft war” is a tool mostly used by the West, its own actions in cyberspace and on other fronts testify to the 
fact that Iran is increasingly using “soft war” as its very own tool of statecraft. 


Iran’s minister of defense, Brig. Gen. Mohammad Reza Ashtiani, confirmed as much in a speech to his 
country’s defense officials last year, in which he outlined that, given the current complex security situation 
in the Middle East, Iran had to redefine its national defenses beyond its geographic borders. According 
to Ashtiani, that means utilizing new warfare strategies, including the use of space, cyberspace and 
other means. 


Iran is showing fast-evolving capabilities and has narrowed the gap with other powers opposing the West, 
like Russia and China. Iranian hackers used the relief of pressure provided by the nuclear deal to 
focus their energy on regional targets like Saudi Arabia, where they have consistently been trying to 
embed themselves in critical networks in order to prepare vectors of attack should the regime command 
the IRGC and the Ministry of Intelligence to do so. 


Iran has also seemingly concluded that the Houthis’ experiment in the Red Sea has been so successful 
that it bears repeating in the Mediterranean and in other waterways. “They shall soon await the closure 
of the Mediterranean Sea, [the Strait of] Gibraltar and other waterways,” Brig. Gen. Mohammad Reza 
Naqdi, the coordinating commander of Iran’s Islamic Revolutionary Guard Corps, told Iranian media on 
Dec. 23, apparently referring to the international community. Since Iran does not possess the kinetic strike 
capability to reach targets that far away, we can assume he was referring to Iran’s cyber capabilities and the 
regime’s apparent willingness to use them should Tehran feel threatened, which can easily happen in a 
tense situation like the one that exists in the region nowadays. 


Iran’s growing expertise and willingness to conduct aggressive cyber operations make it a major threat 
to the security of U.S. and allied networks, data and critical infrastructure. Iran’s opportunistic approach 
to cyber attacks makes critical infrastructure and logistical hub operators susceptible to being targeted. 
In December, IRGC-affiliated hackers were able to exploit PLCs in multiple sectors, including U.S. water 
and wastewater systems facilities. Since Iran often uses cyber as a pillar of deterrence, this cyber attack 
may have been a warning of possible retaliation by cyber means, should Iran’s enemies overstep 
boundaries laid down by the regime. The logistics industry, being a critical part of infrastructure, confronts 
substantial risks from advanced threat actors from Iran and beyond. Data we have recently published on 
the industry reveals a consistent pattern of attacks, with a clear emphasis on developed economies and 
major global logistics hubs. Although it is true that the detection of APT campaigns has declined, a correlation 
between the current geopolitical landscape and the most targeted countries remains evident. Any further 
escalation in the Red Sea thus threatens to bring a large-scale cyber attack with it, with logistical hubs 
and other critical infrastructure being the most threatened sectors. Moreover, countries participating in 
Operation Prosperity Guardian are more likely to be targeted in cyberspace than others. 
There has been a spike in layoffs over the last few months at numerous technology organizations, 
including Twitch, Unity, Dataminr, and more. Emotions aside, these redundancies and layoffs pose 
several data security concerns for organizations having to navigate this process. When 
employees are offboarded, they often still retain access to a company's digital assets, such as email 
accounts and communication apps (e.g. Google Drive and Slack), cloud storage, proprietary software, 
and more. If access entitlements and permissions are not dealt with promptly and in accordance with the 
change in employment status (e.g. terminations or layoffs), the risk of sensitive data theft or misuse runs 
high. During this time of increased layoffs, business leaders would be wise to ensure they are in the 
safest position possible when employees are laid off. 
Different Types of Risk Exposure 


There is an undeniable lack of oversight and control over who has access to sensitive data within the IT 
estate during the layoff process. Bad actors are increasingly targeting SaaS applications because they 
store precious data. Because of this, there are many different types of risk exposure that organizations 
face when employees are laid off. 


The widespread enterprise adoption of cloud-first business strategies has significantly increased the 
number of SaaS applications created and used by organizations. Businesses frequently use multiple 
cloud-based applications such as Google Drive or Slack to collaborate, store data, and share files with 
colleagues or clients. Although these applications are beneficial in many ways, their collaborative nature 
can pose serious security risks to organizations because sensitive data is frequently stored within these 
applications. File owners can easily share access with their personal emails or external parties with just 
one click. In a recent report by DoControl, it was revealed that 61% of employees have previously shared 
company-owned assets with their own email. Once a file is shared publicly, there’s no telling who else 
might gain access to the data within. 


Complications also arise as business users continue to use messaging SaaS applications such as Slack 
or Microsoft Teams to communicate and exchange information. Private data such as PII, passwords, and 
financial information is often shared between coworkers on these platforms. This leaves sensitive data 
exposed for internal and external parties to take advantage of. Moreover, once employees are laid off, 
they become prime targets for social engineering attacks by cybercriminals. Bad actors or 
competitors might offer former employees money to share private, company-owned data. If business 
leaders conduct layoffs abruptly without offering a reason or severance, laid-off employees might also be 
frustrated and have an incentive to leak data for their own personal gain. 


Best Practices for Protecting Your Data 


Especially during this season of mass layoffs, businesses must take a proactive approach to protect 
confidential or proprietary information and avoid leakage of sensitive company data. As more 
organizations adopt cloud-first SaaS operations, IT leaders will need to reevaluate their security posture 
and implement strict access permissions. Security teams should frequently monitor for suspicious activity 
and file sharing, and ensure that only necessary personnel have access to sensitive data. It is also 
imperative for businesses to revoke access to shared files as soon as employment status is changed. 


Most threats can be prevented with modern SaaS security tools for specific use cases, such as Data 
Loss Prevention (DLP), Cloud Access Security Broker (CASB), and Insider Risk Management (IRM) 
solutions. Additionally, training employees on best practices for data security will go a long way. IT 
security teams should emphasize company policies during layoffs and remind employees that data 
security is a shared responsibility. The cybersecurity threat of data leakage will likely continue to rise in 
line with layoffs. Organizations should look to navigate this process with better empathy, and be more 
proactive in their approach. 
National security is in the midst of a transformative journey driven by technological progress in more ways than 
one. One of those ways has led Federal agencies, like the Department of Defense (DoD), to find 
themselves at a critical juncture, where meticulous consideration of data location, storage, and 
management is crucial for security and decision making. While actively adopting architectures rooted 
in data fabric or data mesh to fortify security and ensure authorized data accessibility, they simultaneously 
grapple with the accumulation of vast volumes of data for various purposes, some of which may go 
unused and thus never be harnessed for a myriad of valuable insights before its value or utility starts 
depreciating. The evolving landscape demands not just a forward-thinking approach to data 
categorization and tagging but also strategic measures to address challenges such as data sovereignty, 
redundancy, and the potential consequences of data decay. 
The Crucial Role of Data Categorization 


Effective data tagging, filing, and categorization emerge as pivotal for Federal agencies for several 
key reasons. These processes (often automated, running in the background and leveraging some form of 
machine learning to learn and evolve over time) enhance data understanding, enabling agencies to identify and 
prioritize essential information for critical operations or decision-making. Searching for data gets a 
significant boost (note here that search for data is different from search in data) and the data 
corpus or ecosystem of the organization becomes more organized and accessible to its various stakeholders, from 
IT to decision makers to data practitioners. Streamlining resource allocation is facilitated by 
directing attention and resources towards managing and securing the most critical and valuable data, 
thereby reducing operational costs associated with unnecessary information. Additionally, well-
categorized data supports strategic decision-making, enabling agencies to derive meaningful insights 
and drive efficient operations to enhance mission objectives. 


Establishing Comprehensive Data Governance Policies 


In parallel, the implementation of comprehensive data governance policies is crucial for Federal agencies, 
recognizing the diverse needs of each agency. Standardized policies covering data classification criteria, 
access controls, data lifecycle stages, compliance requirements, and guidelines for integrating artificial 
intelligence can greatly benefit these agencies. Well-defined criteria and standards for classification guide 
the handling, storage, and access of different data types, ensuring the application of appropriate security 
measures and promoting a more unified and secure data environment. 


Addressing Security Risks in the Digital Age 


Addressing security risks in the digital age is a crucial aspect of this landscape. The security risks of 
retaining unnecessary data are heightened as obsolete or redundant data increases the attack surface, 
providing cyber attackers with more potential entry points. Implementing secure data destruction methods 
remains essential for records management, and AI can be utilized to automate the identification and 
disposal of irrelevant data. Regular audits and compliance checks should focus on AI-driven processes 
to verify adherence to data disposal policies and regulatory compliance, addressing both human and 
machine learning errors. Ensuring data integrity involves additional considerations, such as data 
encryption, to safeguard sensitive information in transit and at rest. Regular data backups, dynamic 
tiering, and robust recovery mechanisms become essential to mitigate risks of data loss or system failures, 
as well as ensuring the right data is being delivered to the data users (and obsolete data is not inflating 
data access and analytics processing time). 


Leveraging AI's Role in Steering Data Lifecycle Integration 


The role of AI in data management is underscored by the understanding that AI is only as strong as the 
data that feeds it. Federal agencies must ensure they use relevant and timely data, recognizing that, like 
any perishable good, data has a shelf life. Processing the right data unlocks endless possibilities, as AI 
plays a pivotal role in data management by enhancing efficiency and accuracy in categorization 
processes. Machine learning algorithms, learning from patterns, automatically tag and categorize data 
based on predefined criteria, accelerating the categorization process while ensuring consistency and 
accuracy, thus mitigating the risk of both human and machine learning errors (apart from the enormous 
time saved in contrast to manual review of a repetitive task). This underscores the critical 
connection between technological advancements, data management, and national security imperatives. 


Continuously revisiting the data lifecycle and its management, particularly with the integration of AI, is 
crucial. Implementing a structured approach to managing data, from creation to disposal, ensures the 
utilization of AI in enhancing efficiency and accuracy. Protocols for data retention periods, archival 
processes, and secure disposal methods must be defined to minimize risks associated with retaining 
unnecessary or outdated data. 
Gone are the days when traditional antivirus solutions were the bulwark of endpoint security. In the past, 
these antivirus programs were largely sufficient, as the majority of cyber threats were file-based and could 
be effectively countered with signature-based detection methods. However, as the browser has ascended 
to become the most widely used application in our lives, the nature of threats has evolved. Today's web- 
based threats are not only more sophisticated but also come in various forms that elude the grasp of 
conventional antivirus tools. This is primarily due to their inherent lack of application awareness, a critical 
gap that leaves them blind to the nuanced and complex nature of modern web-based attacks. As such, 
it is imperative that security tools and browsers inherently focus on protecting the user from the threats 
that lurk on the web. Realistically, browsers prioritize efficiency and user experience, falling short in 
protecting the user against the myriad of web-based threats. Therefore, it is both timely and essential 
that a new class of security products that strengthen the browser security space be introduced to address 
the deficiencies of traditional security and the shortcomings of browsers' built-in security. 
One of the most pressing concerns in browser security is the prevalence of zero-day vulnerabilities. 
Zero-day vulnerabilities refer to flaws that get exploited by attackers before developers can patch them. 
These vulnerabilities, arising from coding errors or design flaws, provide unintended openings for security 
threats. The exploitation of these vulnerabilities can lead to unauthorized access, data compromise, or 
even remote control over systems. The time lag in detecting these vulnerabilities comes at the cost of 
security for the millions of users of the browser. 


Take for instance the WebP vulnerability - a security flaw in the libwebp library used to decode WebP images. 
This flaw allowed attackers to execute code by exploiting the library's handling of Huffman coding, a 
method for compressing data. Specifically, the vulnerability stemmed from the way libwebp built its lookup 
tables for decoding. Malformed WebP files could create imbalanced Huffman trees with excessively long 
codes, leading to buffer overflows. This meant that the decoder could write data outside the intended 
memory area, potentially corrupting memory and allowing attackers to manipulate the program's 
behavior. 


Despite diligent maintenance by experienced developers, a single oversight in validating Huffman tree 
structures in libwebp led to this critical vulnerability. The widespread adoption of WebP in various 
software, including web browsers and operating systems, heightened the impact of this vulnerability. 
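The validation step the text describes as missing, as an added illustrative example in C (this is not libwebp's code and not the actual fix): the Huffman code lengths are checked against the Kraft inequality before any decode lookup table is built, so an over-subscribed or over-long set of codes, the kind a malformed file can carry, is rejected instead of driving the table builder past the memory it allocated. MAX_CODE_BITS and the sample length tables are constructed for the demo.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Illustrative validation, not libwebp's code: check a Huffman code-length
 * table BEFORE building any decode lookup table, so an over-subscribed or
 * over-long set of codes from a malformed file is rejected instead of
 * driving the table builder past the memory it allocated. */
#define MAX_CODE_BITS 15   /* assumed length limit for this demo */

/* Returns 1 if the lengths describe a complete prefix code no deeper than
 * max_bits, 0 otherwise. A length of 0 marks an unused symbol. */
int huffman_lengths_valid(const uint8_t *lens, size_t n, unsigned max_bits)
{
    if (max_bits == 0 || max_bits > MAX_CODE_BITS) return 0;
    /* Kraft inequality in integer form: a complete code consumes exactly
     * 2^max_bits units of code space; a code of length L consumes
     * 2^(max_bits - L). Going negative means the tree is over-subscribed. */
    int64_t space_left = (int64_t)1 << max_bits;
    size_t used = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned L = lens[i];
        if (L == 0) continue;
        if (L > max_bits) return 0;          /* excessively long code */
        space_left -= (int64_t)1 << (max_bits - L);
        if (space_left < 0) return 0;        /* more codes than the tree can hold */
        used++;
    }
    if (used == 0) return 0;                 /* nothing to decode */
    if (used == 1) return 1;                 /* single-symbol code is a special case */
    return space_left == 0;                  /* incomplete tree: some lookups undefined */
}

/* Assigns canonical Huffman codes (DEFLATE-style assignment) only after the
 * lengths pass validation. Returns the number of codes assigned, or -1 if
 * the table was rejected. */
int assign_canonical_codes(const uint8_t *lens, size_t n, unsigned max_bits,
                           uint16_t *codes_out)
{
    if (!huffman_lengths_valid(lens, n, max_bits)) return -1;
    unsigned bl_count[MAX_CODE_BITS + 1] = {0};   /* codes per length */
    for (size_t i = 0; i < n; i++) bl_count[lens[i]]++;
    bl_count[0] = 0;
    unsigned next_code[MAX_CODE_BITS + 1] = {0};  /* first code of each length */
    unsigned code = 0;
    for (unsigned bits = 1; bits <= max_bits; bits++) {
        code = (code + bl_count[bits - 1]) << 1;
        next_code[bits] = code;
    }
    int assigned = 0;
    for (size_t i = 0; i < n; i++) {
        if (lens[i] == 0) continue;
        codes_out[i] = (uint16_t)next_code[lens[i]]++;
        assigned++;
    }
    return assigned;
}

/* Canonical code of one symbol, or -1 if the table is invalid or the symbol unused. */
int canonical_code_of(const uint8_t *lens, size_t n, size_t sym)
{
    uint16_t codes[256];
    if (n > 256 || sym >= n) return -1;
    if (assign_canonical_codes(lens, n, MAX_CODE_BITS, codes) < 0) return -1;
    return lens[sym] ? (int)codes[sym] : -1;
}

/* Constructed sample tables (not taken from any real WebP file). */
static const uint8_t kBalanced[5]       = {2, 2, 2, 3, 3};  /* complete tree */
static const uint8_t kOversubscribed[3] = {1, 1, 1};        /* three 1-bit codes: impossible */
static const uint8_t kIncomplete[2]     = {1, 2};           /* a quarter of the code space unused */
static const uint8_t kTooLong[2]        = {1, 16};          /* deeper than MAX_CODE_BITS */

int main(void)
{
    printf("balanced valid=%d, oversubscribed valid=%d, incomplete valid=%d, too long valid=%d\n",
           huffman_lengths_valid(kBalanced, 5, MAX_CODE_BITS),
           huffman_lengths_valid(kOversubscribed, 3, MAX_CODE_BITS),
           huffman_lengths_valid(kIncomplete, 2, MAX_CODE_BITS),
           huffman_lengths_valid(kTooLong, 2, MAX_CODE_BITS));
    printf("canonical code of symbol 3 in balanced table: %d\n",
           canonical_code_of(kBalanced, 5, 3));   /* binary 110 = 6 */
    return 0;
}
```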


Other than zero-day attacks, browsers are vulnerable to a host of attacks such as Cross-Site Scripting 
vulnerabilities, malvertising, and even social engineering campaigns tricking users into downloading 
malicious software under the guise of necessary updates. 


Traditional endpoint security solutions such as antivirus software aim to protect users from various 
cyber threats, primarily by blocking access to known malicious content and websites. Built on extensive 
databases of malware signatures, these programs probabilistically identify and prevent recognized 
threats. However, a significant limitation of antivirus software lies in its inability to understand the 
intricacies of application behavior, particularly in complex applications like web browsers. 


Antivirus systems lack insight into the specifics of application activities, such as which browser tab is 
initiating certain network requests, or whether a string copied to the clipboard is being transmitted over 
the network in a potentially harmful manner. This lack of detailed application-level awareness means that 
antivirus programs can't accurately correlate observed data with its source or context within an 
application. Consequently, this can allow malicious activities to go undetected, as the software struggles 
to differentiate between benign and harmful actions based solely on the data observed. Moreover, when 
antivirus solutions are overly aggressive in their blocking tactics, this can lead to a high number of false 
positives. This can disrupt user workflows, mistakenly blocking or quarantining legitimate applications 
and files, thereby causing significant inconvenience and potential data loss. 


On the other hand, false negatives pose a more direct security risk. When antivirus software fails to 
identify and stop a malicious program or file, it allows the threat to infiltrate the system. This can lead to 
a range of issues, from data theft and system damage to ransomware attacks and identity theft. 
Next-Generation Endpoint Security: A Response to Browser Security Failures 


The next generation of endpoint security solutions is evolving in two key areas: isolating web activities 
from user devices and leveraging in-browser artificial intelligence (AI) for advanced threat detection and 
smart isolation. This dual approach changes how online security is managed, moving away from 
traditional methods that often fall short against sophisticated cyber threats. 


Historically, remote browser isolation technologies were predominantly used in the enterprise sector due 
to their high costs and complex implementation. However, recent advancements have made these 
technologies more accessible and affordable for everyday users. Companies like SquareX are at the 
forefront of this change, offering browser and document isolation as a convenient browser extension. 
This innovation allows users to experience enhanced security in their preferred browsers. Such 
solutions provide robust protection against zero-day attacks, a significant leap from the traditional 
probabilistic methods that often fail to identify new and evolving threats. 


The integration of AI natively into the browser further bolsters their effectiveness and enhances user 
privacy. AI-driven systems can intelligently identify and isolate potentially harmful sites instead of blocking 
them, separating them from the user's regular browser activity. This proactive approach enhances 
security and ensures a smoother browsing experience by minimizing unnecessary disruptions. 


It is evident that the focus of endpoint security is shifting from mere detection to comprehensive 
prevention without compromising user productivity. By addressing the inherent weaknesses in browser 
security and advancing beyond traditional antivirus capabilities, these next-generation solutions are 
setting a new standard in cybersecurity, providing users with the assurance and protection they need on 
their devices. 
After thousands of Hamas terrorists breached an internationally recognized border on October 7, 2023, 
murdering more than 1,300 Israelis and kidnapping hundreds of others, Israel found itself at war. 


Within days, upwards of 300,000 Israelis were summoned to miluim, or reserve duty, the equivalent of 
five million Americans being asked to leave their jobs and their families and rush to defend their country. 
This meant that businesses, from large corporations to small shops, now had to grapple with employee 
trauma, severe resource shortages, and a wartime economic reality that, according to some estimates, 
could cost Israel as much as $50 billion in total. 


Crises and challenges are a staple of the technology and cybersecurity industries. As leaders, we do our 
best to plan for growth, setbacks, and business resilience. However, no one had anticipated a crisis of 
this severity. The situation was daunting for organizations of all sizes, especially for the start-up 
community that thrives on being agile and using limited resources wisely. 
As I reflect back on the past few months and understand that the situation is still ongoing, I’d like to share 
a few insights that I’ve learned about crisis management, which have implications beyond Israel and the 
current war. 


It’s all about priorities 


In ordinary times, prioritizing projects and resources is a somewhat leisurely task. Each division and each 
person knows what they ought to focus on, and though managers must still make decisions it’s usually 
rather obvious which task should be performed, by whom, and in what order. 


Not so in a crisis. 


As soon as war broke out, one of my co-founders, a senior officer in the Israeli army’s cybersecurity unit, 
was drafted immediately. Approximately 45 percent of our engineering team members were also called 
in to serve. I realized that we were not going to have as many people as we needed to keep business 
running the same way it had before. 


Immediately, we prioritized the urgent short-term goals that were critical to supporting our customers. 
This was an obvious decision, but we soon learned, a few days in, that unless we adjusted our priorities 
once again, we’d remain in a cycle of underproduction, addressing nothing but the most pressing needs 
and losing our competitive edge for the future. For example, we needed to stabilize R&D. To help with 
less complex integration work, we onboarded a high-quality external development team, while the 
remaining core team could focus on more strategic demands. The result was reassuring: we were quickly 
back to capacity, even at a time of crisis. 


Be a Visible Leader 


When a crisis strikes, there is no greater priority than making sure your team sees you, can talk to you, 
and gain reassurance from you. At the start of the war, we located and connected with every employee 
in Israel to check on them and their families. Their safety and well-being were our top priority. I 
encouraged employees to work at home, while still having an active office for employees who wanted the 
normalcy of being at work around fellow employees. For remote workers, we kept an open Zoom meeting 
to facilitate collaborative work and foster team inclusion and communication. We had a dedicated 
WhatsApp channel for Israeli employees to be able to request help day or night. I held virtual coffee 
breaks and company all hands to keep everyone informed and connected. I reached out to customers 
and was overwhelmed by their compassion and support. 


Visible leadership goes beyond the role of the CEO. Right after the war broke out, our co-founder and 
CTO, Tomer Schwartz, stepped in to lead R&D. He asked questions, deputized a host of employees who 
weren't in service, and empowered them to follow his lead and run projects and teams outside of their 
normal roles. He made himself visible and available to customers, prospects, and employees all around 
the world. It didn’t matter what time it was or day it was. He and the team could be counted on to show 
up and move the business forward. It was incredible to see leadership across the company, no matter 
the job title. 


Embrace a Greater Purpose 


Times of crisis are challenging not merely because they present us with a greater volume of work. They’re 
emotionally and mentally challenging because they remind us that we can never fully anticipate what 
tomorrow may bring. 


To relieve anxiety and support our people, we learned how important it was to bring the team together to 
bond over greater purposes that had nothing to do with work. 


We did this on a small scale, by making sure we ate many of our meals together, ordered in to save 
everyone time and effort, or enjoyed yoga classes together, starting our days with exercise that focused 
on mind and body alike. We also did it by encouraging employees—even in the midst of a pressing and 
hectic period—to take time off and volunteer together, helping their country and their community—so we 
could go from feeling helpless to making a difference. 


These are by no means hard and fast rules; crises differ in scope and nature, and none is ever the same 
as another. I offer these insights and lessons learned with the hope that they will help others prepare 
their own crisis management plans and come through the other side with greater resilience, compassion, 
and commitment. 
Why Is Hardware More Secure than Software? 


The underlying differences between hardware and software when implementing critical 
cryptosystems. 


By Kimmo Jarvinen, Co-founder and CTO, Xiphera 


The majority of today’s cryptographic implementations rely on software running on general-purpose 
processors. While this method is a practical and justified approach for many applications, software-based 
cryptography has inherent weaknesses when it comes to safeguarding critical systems and 
applications. 


Cryptography designed directly into hardware, especially on field programmable gate arrays (FPGAs) or 
application specific integrated circuits (ASICs), solves many weaknesses of software-based 
cryptography, offering superior security and efficiency compared to the software-based approach. 
This article scrutinizes the weaknesses of software-based cryptography and explores the advantages of 
the hardware-based alternatives in protecting essential systems, such as industrial control and 
automation systems, as well as critical communication infrastructure. 


Cyber Defense eMagazine — February 2024 Edition 127 


Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide. 


Weaknesses of software-based cryptography 


One of the most crucial weaknesses of software-based cryptography is the need for implicit trust in a 
very deep stack of software layers. Software-based cryptography relies on a complex stack of 
technologies, including cryptographic library, operating system, drivers, compilers, CPU, etc. If security 
at any layer fails, it could compromise the entire cryptosystem. Sharing physical resources with potentially 
malicious programs exposes software-based implementations to multiple security risks — despite modern 
security protection, a successful attack on any of the physical resources can jeopardize other functions in 
the system. 


It is also common for many computer systems to have their most sensitive data (for example, encryption 
keys) located in the same memory with non-sensitive data, which can be exposed by even fairly trivial 
bugs in a program. One of the most infamous examples is the Heartbleed buffer over-read bug in 
OpenSSL published in 2014, which allowed a remote attacker to read large portions of the victim’s 
memory that could include passwords, encryption keys, and other sensitive data. 


Software-based cryptographic implementations are also harder to protect against side-channel attacks. 
These cryptanalytic attacks target the implementation rather than the mathematical foundations of a 
cryptosystem. Side-channel attacks can be based on, for example, execution time or power consumption 
of the computing device. Software-level implementations often lack the low-level control required to 
protect against such attacks due to the microarchitectural optimizations of modern processors. 


Hardware-level bugs in processors may also compromise software-based security, posing challenges to 
fixing vulnerabilities in deployed systems. Examples of such security attacks include the Meltdown and 
Spectre attacks, which well demonstrated the challenges and costs of fixing processor vulnerabilities for 
already-deployed systems. 


Benefits of hardware-based solutions 


When implementing cryptography directly as hardware logic design (FPGA or ASIC), the critical 
computations and data can be isolated into a dedicated IP core (Intellectual Property core) segregated 
from the main system. Cryptographic keys are the most vital components of the entire cryptosystem. 
Storing these in a separate cryptographic IP core provides a significant security enhancement compared 
to the software-based security approach. Many software-based systems rely on hardware to secure 
cryptographic keys, by storing them in a Hardware Security Module (HSM). 


Hardware-based cryptography offers superior resilience compared to the software-based approach when 
it comes to side-channel attacks. Hardware designers have granular control over implementation details, 
enabling fully constant-time IP cores that nullify timing attacks. This level of control is challenging to 
achieve in software-based implementations due to microarchitectural optimizations beyond the 
programmer's reach. 
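The software-side timing weakness described in the two passages above, as an added example in C (not from the article): a tag check that exits at the first mismatching byte beside one that always processes every byte with no secret-dependent branch. The tag values are constructed; even the constant-time version is only best effort in software, since the compiler and microarchitecture may reintroduce data-dependent timing, which is the guarantee a constant-time hardware IP core can actually give.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Naive MAC/tag comparison: returns at the first differing byte, so the
 * number of loop iterations (and the running time) depends on how many
 * leading bytes of the supplied tag match the correct one. */
int tag_equal_naive(const uint8_t *a, const uint8_t *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) {
            return 0;   /* data-dependent early exit */
        }
    }
    return 1;
}

/* Constant-time comparison: every byte is always processed and the
 * differences are OR-folded into one accumulator, so no branch outcome
 * depends on secret data. In software this remains best effort: the
 * compiler and the CPU microarchitecture (caches, branch prediction,
 * speculative execution) can reintroduce timing differences the
 * programmer cannot control, which is the gap a constant-time hardware
 * IP core closes. */
int tag_equal_ct(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) {
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    /* Map diff == 0 to 1 and any non-zero diff to 0 without a branch:
     * for diff in 1..255 either diff or (256 - diff) has its top bit set. */
    unsigned nonzero = ((unsigned)diff | (unsigned)(uint8_t)(0u - diff)) >> 7;
    return (int)(1u - nonzero);
}

/* Constructed 16-byte tags for the demo (not real MAC output). */
static const uint8_t kTagStored[16] = {
    0x3a, 0x91, 0x5c, 0xe2, 0x07, 0x4b, 0xd8, 0x66,
    0xf1, 0x2e, 0x9d, 0x00, 0x7c, 0xa5, 0x13, 0xbe };
/* Identical to kTagStored except for the final byte. */
static const uint8_t kTagForged[16] = {
    0x3a, 0x91, 0x5c, 0xe2, 0x07, 0x4b, 0xd8, 0x66,
    0xf1, 0x2e, 0x9d, 0x00, 0x7c, 0xa5, 0x13, 0xbf };

int main(void)
{
    printf("naive:         match=%d forged=%d\n",
           tag_equal_naive(kTagStored, kTagStored, 16),
           tag_equal_naive(kTagStored, kTagForged, 16));
    printf("constant-time: match=%d forged=%d\n",
           tag_equal_ct(kTagStored, kTagStored, 16),
           tag_equal_ct(kTagStored, kTagForged, 16));
    return 0;
}
```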


In addition to enhanced security, using hardware-based cryptography offers superior performance and 
energy efficiency compared to software-based cryptography. High-performance cryptographic IP cores 
can achieve throughput levels of up to hundreds of Gigabits per second with significantly lower energy 
consumption per cryptographic operation. 


Conclusion 


A higher security level, better performance, and lower energy consumption build trust and preference in 
hardware-based cryptography over the software-based approach for implementing security-critical 
operations, such as key management or cryptographic operations. FPGAs and ASICs are already used 
in various industrial control and automation systems. FPGA platforms combine the best of both worlds, 
as they can be re-programmed and updated for already existing applications without additional hardware, 
or other prohibitively costly investments, while also offering full isolation of security-critical data and 
operations from the rest of the system. ASIC-based implementations offer further performance and lower 
power consumption, as well as potential cost benefits for high-volume deployments. 
Data breaches are a problem in virtually every industry. However, they carry extra weight when they 
happen to federal agencies. Cyberattacks on government organizations can cause widespread damage 
— even endangering public safety — and they remain dangerously common. 


The federal government is no stranger to cybersecurity best practices. There’s an entire agency devoted 
to it, and many of the strictest security laws apply specifically to government bodies. Yet, with all this 
attention, federal data breaches still happen. Here’s a closer look at why that is. Will they ever end? 


U.S. government agencies experienced more than 32,000 cybersecurity incidents in 2021. In response, 
the Government Accountability Office recommended over 4,000 changes for federal organizations to 
become more secure. By the end of 2022, though, the government had yet to implement nearly 900 of 
these. 


On the positive side, that trend means federal agencies have implemented thousands of security 
improvements since 2021. The government has also proposed a $12.72 billion cybersecurity budget for 
2024, over $1 billion more than 2023’s spending. 


Much of the government’s recent security action has focused on increasing the cybersecurity workforce. 
Other changes — like the Cybersecurity Maturity Model Certification — hold government contractors to 
a higher standard to minimize third-party breaches. Federal agencies have also encouraged more public- 
private collaboration to improve security standings and recommended higher employee education and 
threat monitoring standards. 


Despite these changes, government cybersecurity still has much room to improve. 2023 saw an uptick 
in government breaches after three years of decline. The number of records exposed in these events 
also quadrupled between 2022 and 2023. These figures are still below all-time highs, but they don't instill 
much confidence. 


Why Government Breaches Still Happen 


Part of this recent uptick in government data breaches stems from a rise in cybercrime as a whole. As 
the world relies more on data and digital systems, cybercriminals stand to gain more from their attacks, 
encouraging more crime. Tools like ransomware-as-a-service have also lowered cybercrime’s bar for 
entry, furthering this growth. 


Government organizations often have highly sensitive data, making them more valuable targets. 
Consequently, federal agencies experience a disproportionate amount of this growing cybercrime. 
Education is the only industry to suffer more cyberattacks than the government. 


Of course, the government must also meet higher cybersecurity standards than many private businesses. 
While that should counteract some of the sector's high attack volumes, it’s important to recognize that 
not all vulnerabilities are technical. Federal organizations may have advanced security software, but their 
employees are still vulnerable to social engineering and similar threats. 


Because the government experiences many attacks, its employees are more likely to feel cybersecurity 
fatigue — a feeling of being overwhelmed by security threats, leading to mistakes or complacency. More 
than half of all security professionals experience it, and frequently targeted sectors like the government 
are more vulnerable. 


Ironically, high cybersecurity standards may compound these workforce-related risks. Working through 
all the red tape of government security may make workers feel stressed or frustrated. As a result, they’re 
more likely to make security-endangering mistakes or fall for phishing attempts. 
The Future of Government Cybersecurity 


In response to these trends, 93% of federal agencies are increasing their IT security spending. Money 
alone won't stop data breaches, but it can enable some important changes. 


As artificial intelligence (AI) has become more prominent, AI threats and protections have come into the 
spotlight. Machine learning can reduce alert fatigue and improve response times in government agencies 
through automated monitoring and breach containment. However, cybercriminals can use similar tools 
to deliver more dangerous attacks. 


Thankfully, the government is aware of this threat. A late 2023 executive order has called for AI-focused 
security standards and is establishing a program to develop AI-assisted security software. These steps 
will help protect federal agencies from AI attacks and more conventional incidents. 


More young professionals will likely enter the security workforce as cybersecurity awareness grows. 
Government incentive programs will ensure federal agencies benefit from this growth. While this shift will 
take time, it will lessen security teams’ workloads, enabling faster responses and reducing burnout. 


Of course, cybercrime will grow and evolve, too. Consequently, government breaches may worsen before 
they improve, as cybercriminals can adopt new tools and strategies faster than highly regulated 
organizations. In the long term, though, AI and a larger security workforce will improve federal 
cybersecurity standings. 


Data Breach Prevention Is a Never-Ending Task 


Cybersecurity is an ongoing battle as each side adapts to the other's new technologies and techniques. 
As a result, the federal government will likely never eliminate data breaches entirely. However, these 
incidents will become less frequent if agencies can implement their current goals effectively. 


Government security affects everyone, not just federal employees. Businesses and consumers must pay 
close attention to these trends to understand the risks facing their data and the systems they rely on. 
Government processes are becoming more secure, but there will be some bumps along the way. 


About the Author 


April Miller is the Managing Editor of ReHack Magazine. She is particularly 
technology into their professional lives to increase their productivity, efficiency 
How will security analytics, machine learning/AI, and applied data science in the security space evolve 
in the coming year? Here are five cybersecurity predictions for 2024, developed by me and my security 
executives and research colleagues. 


Mature Zero Trust organizations shift focus to Automation and Orchestration, and Visibility and 
Analytics pillars. 


Enterprises that were early adopters of Zero Trust frameworks are now a few years into their journeys 
and have made progress in the five pillars of Zero Trust: identity, devices, networks, applications and 
workloads, and data. In 2024, about 35% of these early adopter organizations will move into more 
advanced stages of Zero Trust and focus on the overlay pillars: Automation and Orchestration, and 
Visibility and Analytics. 


These pillars permeate the entire organization and many different IT/IS departments. Building them out 
requires having visibility into everything happening in the Zero Trust environment, including all of the 
tools, applications and processes in place to protect the five core pillars. Maturing these two overlay 
pillars requires new capabilities and technologies like advanced analytics powered by machine learning 
and AI as well as identity-centric SIEM, UEBA and SOAR capabilities. The Automation and Orchestration 
pillar requires high-fidelity detections combined with rich contextual data, and the ability to dynamically 
prioritize events and alerts accurately in order to automate remediations without interrupting legitimate 
business processes in the crossfire. 


AI can improve SOC team efficiency now — and will improve over time 


While the adversaries are busy trying to weaponize AI to achieve their goals, the benefit of AI for 
defenders and the Security Operations Center (SOC) team will be more immediate and more significant. 
AI will empower SOC analysts with powerful insights into datasets across identity, security, network, 
enterprise and cloud platforms. Specifically, it will improve SOC team efficiency and help counter the 
ongoing challenges of limited resources and skill sets, overwhelming alert fatigue, false positives and 
mis- or unprioritized alerts in the following ways: 


• Provide proactive suggestions for detections and threat hunting queries. 

• Create new threat content based on recent trends and learnings across customers and industry 
verticals to dynamically improve or suggest new ML models, queries, reports and more. 

• Auto-triage alerts based on historical triage patterns, investigation notes, types of detection, 
relevance, and attack trends to automate and suggest key incident response activities with ease, 
including creating custom reports, taking bulk actions, and multi-step workflows. 


Cybercriminals are already using AI to make their attacks better — and improve the tactics, techniques, 
and procedures (TTPs) of attacks. But advanced machine learning models that are trained using 
adversarial AI will be able to combat these new attacks. Organizations should invest in quality, mature 
ML/AI powered technologies for threat detection and explore how AI can help their SOC teams spend 
less time investigating (or chasing false positives) and more time eradicating true threats. 


Among companies without an insider threat program, 75% will start to plan, build and budget for 
a formal insider threat program, with a majority of that growth coming from the SME (Small and 
Medium Enterprise) market 


Recent research shows that more than half of organizations have experienced an insider threat in the 
past year and 68% are “very concerned” about insider threats as they return to the office or move to 
hybrid work. 74% say insider attacks have become more frequent, and 74% rate themselves as moderately 
vulnerable or worse to insider attacks. Overall, companies of all sizes are becoming increasingly aware 
of the risk of insider threats and addressing the problem. SMEs in particular are taking insider threats 
much more seriously than in recent years. 


In response to these growing concerns, 75% of organizations that have protected data (PHI, PII, etc.), 
valuable IP, or compliance requirements, but don’t currently have an insider threat program, will start 
planning or building one in 2024. Along with that, the adoption of insider threat solutions will increase by 
at least 50% as these programs develop. Some tools enterprises should consider for starting their insider 
threat program are a next-gen SIEM, UEBA combined with identity and access analytics, and/or a DLP 
solution to limit data exfiltration. 


MSSPs and MDRs serving SMBs will grow by 25% YoY as part of a customer-driven push for 
vendors to provide services rather than just selling products. 


A strong demand from SMB customers for Managed Security Service Providers (MSSPs) and Managed 
Detection and Response (MDR) providers will continue in 2024. This market growth is driven mainly by 
the lack of skilled personnel to manage and maintain the appropriate systems and processes to protect 
small and medium businesses from cyber attack and ransomware. This talent shortage shows every sign 
of getting worse in 2024. 


In response to this demand, service providers will bundle many individual services into
packages that meet their customers' current business needs and match levels of protection to
varying budgets. Security vendors should therefore build multi-tenant solutions that integrate easily
with other vendors' products and cover both cloud and on-premises environments, and should
design their products and business practices to work well in a managed services model: flexible
licensing and billing, plus dedicated programs and resources that support this distinct go-to-market
motion through service providers.


2024 will be the year of public-sector attacks and hacktivism. 


The public sector, including the education system, the medical system and public infrastructure,
will be a primary ransomware target in 2024, because these systems are widely seen as easy
targets that offer attackers notoriety, information, and money. Public infrastructure such as water and
electrical systems around the world will be increasingly targeted by nation-state actors involved in
geopolitical conflicts; these systems are often poorly protected and offer a huge payoff in terms of the
damage and chaos caused by disrupting them. We will also see an increase in hacktivism against government
agencies and the supply chain that supports them, including DDoS attacks and APT activity.


The digital landscape, once akin to a fortified city with well-defined perimeters safeguarding precious
data, now faces the onslaught of a multitude of modern threats from an ever-increasing number of 
proficient cyber attackers that render our traditional security models obsolete. In this rapidly changing 
environment, where medieval walls are starting to crumble under the pressure of these sophisticated 
attacks, the paradigm of security is undergoing a transformative shift towards the concept of zero trust. 


Unlike towering gates protecting a citadel, zero trust establishes vigilant checkpoints at every turn, 
acknowledging the dynamic and interconnected nature of today's new digital world. Yet, as we embark 
on this revolutionary journey, we find ourselves entangled in a legal labyrinth, a complex framework that 
must be navigated to forge a safer digital future. 
From Castle Keeps to Constant Verification:


The genesis of zero trust can be traced back to 2010, when John Kindervag of Forrester Research
recognized the limitations of perimeter-based security. As cloud computing, remote work, and
interconnected devices blurred network boundaries, the old "trust but verify" approach became
increasingly inadequate: a single breach of the perimeter let an attacker move freely inside the
trusted network, turning one compromised host into an organization-wide incident. Zero trust emerged
as the response, emphasizing constant verification over implicit trust.


Why Zero Trust Matters Now: 


• The evolving threat landscape: Attacks now target not only externally exposed vulnerabilities
but also privileged insiders and compromised devices. Zero trust's insistence on continuous
verification is a proactive defense against these growing and evolving threats.

• Hybrid and cloud environments: Data no longer resides within neatly defined walls. Zero trust's
least-privilege approach, which grants each identity access only to the specific resources it
needs, fits these distributed environments.

• The remote-work revolution: Physical proximity no longer serves as a measure of trust. Zero trust
checks that both the user and the device are authorized before every access to sensitive data,
regardless of where the request comes from.
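To make the contrast concrete, here is an added Python example (not code from the article) that puts a perimeter-style check beside a zero-trust policy decision point and runs both over a handful of constructed requests. The roles, resource names, device-posture attributes, session limits and IP ranges are assumptions chosen for illustration; the point is that the zero-trust check evaluates identity assurance, device health and least-privilege entitlement on every request and never consults the request's network location.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import ipaddress

# Assumed corporate address range: the perimeter model trusts anything inside it.
CORPORATE_NET = ipaddress.ip_network("10.0.0.0/8")

# Assumed least-privilege policy: resource prefix -> role -> permitted actions.
# Anything not listed is denied by default.
POLICY = {
    "finance/": {"finance": {"read", "write"}, "auditor": {"read"}},
    "engineering/": {"engineer": {"read", "write"}},
}
SENSITIVE_PREFIXES = ("finance/",)     # assumed: these additionally require MFA
MAX_SESSION_AGE = timedelta(hours=8)   # assumed: re-authenticate after this
DEMO_NOW = datetime(2024, 1, 15, 10, 0, tzinfo=timezone.utc)  # fixed clock for the demo


@dataclass(frozen=True)
class Session:
    user: str
    roles: frozenset
    mfa: bool
    authenticated_at: datetime


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool          # enrolled in the organisation's device management
    disk_encrypted: bool
    os_patched: bool


@dataclass(frozen=True)
class Request:
    session: Session
    device: Device
    source_ip: str
    resource: str
    action: str


def perimeter_decision(req):
    """The castle model: being on the internal network is the whole test."""
    return ipaddress.ip_address(req.source_ip) in CORPORATE_NET


def device_compliant(dev):
    """Assumed posture check; real deployments attest this through an endpoint agent."""
    return dev.managed and dev.disk_encrypted and dev.os_patched


def zero_trust_decision(req, now):
    """Evaluate every request on identity, device and entitlement; location is never consulted.

    Returns (allowed, reason). General failures (stale session, non-compliant device)
    are reported before the resource-specific entitlement check.
    """
    s, d = req.session, req.device
    if now - s.authenticated_at > MAX_SESSION_AGE:
        return False, "session too old; re-authentication required"
    if not device_compliant(d):
        return False, f"device {d.device_id} fails posture check"
    for prefix, grants in POLICY.items():
        if req.resource.startswith(prefix):
            if prefix in SENSITIVE_PREFIXES and not s.mfa:
                return False, "MFA required for sensitive resource"
            permitted = set().union(*(grants.get(role, set()) for role in s.roles))
            if req.action not in permitted:
                return False, f"{s.user} has no '{req.action}' entitlement on {req.resource}"
            return True, "ok"
    return False, "resource not covered by policy (default deny)"


def run_scenarios(now=DEMO_NOW):
    """Constructed requests chosen to show where the two models disagree."""
    fresh, stale = now - timedelta(hours=1), now - timedelta(hours=9)
    good_dev = Device("lt-0042", managed=True, disk_encrypted=True, os_patched=True)
    byod = Device("byod-7", managed=False, disk_encrypted=False, os_patched=True)
    eng = Session("erin", frozenset({"engineer"}), mfa=True, authenticated_at=fresh)
    fin = Session("frank", frozenset({"finance"}), mfa=True, authenticated_at=fresh)
    fin_nomfa = Session("frank", frozenset({"finance"}), mfa=False, authenticated_at=fresh)
    fin_stale = Session("frank", frozenset({"finance"}), mfa=True, authenticated_at=stale)
    scenarios = [
        ("inside network, unmanaged device", Request(eng, byod, "10.1.2.3", "engineering/repo", "read")),
        ("remote, compliant device, MFA", Request(fin, good_dev, "203.0.113.5", "finance/ledger", "read")),
        ("remote, role does not cover resource", Request(fin, good_dev, "203.0.113.5", "engineering/repo", "write")),
        ("inside network, no MFA on sensitive data", Request(fin_nomfa, good_dev, "10.1.2.3", "finance/ledger", "read")),
        ("inside network, stale session", Request(fin_stale, good_dev, "10.1.2.3", "finance/ledger", "read")),
        ("inside network, resource outside policy", Request(eng, good_dev, "10.1.2.3", "hr/payroll", "read")),
    ]
    results = []
    for name, req in scenarios:
        allowed, reason = zero_trust_decision(req, now)
        results.append((name, perimeter_decision(req), allowed, reason))
    return results


if __name__ == "__main__":
    for name, perim, zt, reason in run_scenarios():
        verdicts = "perimeter=" + ("allow" if perim else "deny ") + "  zero-trust=" + ("allow" if zt else "deny ")
        print(f"{name:42} {verdicts}  ({reason})")
```

The first two scenarios are the ones the bullets above describe: the perimeter model admits an unmanaged device simply because it is plugged into the office network and rejects a fully verified remote user, while the zero-trust decision does the reverse. The remaining scenarios show the other properties a practitioner expects from a policy decision point: per-resource least privilege, step-up assurance for sensitive data, bounded session lifetime, and deny-by-default for anything the policy does not mention.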


The Legal Maze: A Guide to Secure Paths: 


The rise of zero trust has prompted a wave of legislative and regulatory activity across sectors and
jurisdictions, shaping how it is implemented and affecting organizations globally. Navigating this legal
maze means following several paths at once:


• Government mandates: US Executive Order 14028 and UK NCSC guidance are pivotal in shaping
government adoption and may influence legislation for critical-infrastructure sectors.

• Standards and frameworks: NIST Special Publication 800-207 (Zero Trust Architecture) offers detailed
recommendations aimed at government agencies, while the CSA Zero Trust Adoption Framework guides
businesses.

• Data privacy regulations: GDPR and CCPA, with their emphasis on access control and data
minimization, align with zero trust principles.

• Emerging areas: Regulations concerning cryptography, encryption, and supply chain security
become crucial as zero trust extends beyond organizational boundaries.


Challenges and Opportunities: 


Harmonizing international regulations, balancing security with privacy, and adapting to technological
advancements are some of the key challenges. Yet opportunities abound:

• Enhanced security: Zero trust builds robust defenses against an ever-changing threat landscape.

• Agility and scalability: Its adaptable nature suits diverse environments and future
technologies.

• Reduced costs: Proactive risk mitigation minimizes damage from successful attacks and the
associated recovery costs.


The Path Forward: 


As we embrace zero trust, a thorough understanding of its legal landscape will be crucial
to building a secure future. Collaboration across industries and nations will be essential to creating
a framework that fosters innovation while safeguarding our digital future.


Navigating this labyrinth will require not only technological prowess but also a clear reading of the
legal map guiding us toward a secure, borderless digital world.